00000004 00100000 0000015c 0000070e 0000059d 00000000000218e2 0000000e
223 01dc921ce91e6ac8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921cc4210c07 01dc921cc4f806cc Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc921cf321d12e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921ccd20b324 01dc921ccd20b324 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921e7f7cb95a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921e1b699c63 01dc921e5a4893a1 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921f08170d2a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921ee38b1272 01dc921ee426b454 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921f4ab8a2b5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921f23d14d4e 01dc921f247d4206 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921f9406c769 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921f4df0b111 01dc921f6d48f606 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921fc60e3040 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921f9f70f59d 01dc921fa037ca60 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92206d274f85 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92202d3da817 01dc9220492b2160 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92210307cabb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9220bd8d0fe0 01dc9220dc32c54e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc92212456269d 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc9220fd4db388 01dc9220fd501657 Block | File and Folder Access Attempts (program data) 7ff4 C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260130.009\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
234 01dc92214f8ff197 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92211721d06b 01dc92212ac895d5 Block | File and Folder Access Attempts (Public) cd38 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
23e 01dc92215ce66f24 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92212528e979 01dc9221382c2e54 Block | File and Folder Access Attempts (Public) cd38 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
234 01dc9221ce389cf3 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9221a464f749 01dc9221a8a24c67 Block | File and Folder Access Attempts (Public) cd38 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
23e 01dc9221d8519bf2 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92219a41e174 01dc9221b3a223ae Block | File and Folder Access Attempts (Public) cd38 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
234 01dc92221e446dc1 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9221e9c00a4e 01dc9221f8ca4fde Block | File and Folder Access Attempts (Public) c060 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
23e 01dc922224f376be 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9221f2dab2ae 01dc922200f7b976 Block | File and Folder Access Attempts (Public) c060 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc922285df7e0d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92220a7651a9 01dc9222601f5aaa Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ce 01dc92228936e482 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Read 0000000000000000 01dc92226268050a 01dc92226268050a All Applications | [AC7-2.1] File and Folder Access Attempts 7c90 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40321EE3-D7EC-4257-98E1-D36711EA4521}\EDGEMITMP_B2750.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d0 01dc92228936e482 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Delete 0000000000000000 01dc92226268050a 01dc92226268050a All Applications | [AC7-2.1] File and Folder Access Attempts 7c90 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40321EE3-D7EC-4257-98E1-D36711EA4521}\EDGEMITMP_B2750.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cf 01dc92228936e482 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Write 0000000000000000 01dc92226268050a 01dc92226268050a All Applications | [AC7-2.1] File and Folder Access Attempts 7c90 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40321EE3-D7EC-4257-98E1-D36711EA4521}\EDGEMITMP_B2750.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e6 01dc92228fe026cc 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Read 0000000000000000 01dc92226b9e4f95 01dc92226b9e4f95 All Applications | [AC7-2.1] File and Folder Access Attempts 7c90 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40321EE3-D7EC-4257-98E1-D36711EA4521}\EDGEMITMP_B2750.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source31888_2043678812\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e8 01dc92228fe026cc 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Delete 0000000000000000 01dc92226b9e4f95 01dc92226b9e4f95 All Applications | [AC7-2.1] File and Folder Access Attempts 7c90 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40321EE3-D7EC-4257-98E1-D36711EA4521}\EDGEMITMP_B2750.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source31888_2043678812\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e7 01dc92228fe026cc 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Write 0000000000000000 01dc92226b9e4f95 01dc92226b9e4f95 All Applications | [AC7-2.1] File and Folder Access Attempts 7c90 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{40321EE3-D7EC-4257-98E1-D36711EA4521}\EDGEMITMP_B2750.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source31888_2043678812\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc9222c52d25cb 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9222a085f906 01dc9222a104f4d8 Block | File and Folder Access Attempts (Public) 91d8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc9222dc83699b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9222a8b88971 01dc9222b71f8a08 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92231525f611 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9222eedc47a8 01dc9222ef7776bb Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92237c6b9bab 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922356cc736d 01dc922357a65ced Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc92252a25a6bd 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc92250604f567 01dc92250604f567 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 55a8 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A4F2E582-C847-8A6C-8091-2ADFBE3F572E\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc92252a25a6bd 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92250604f567 01dc92250604f567 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 55a8 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A4F2E582-C847-8A6C-8091-2ADFBE3F572E\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc92252a25a6bd 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92250604f567 01dc92250604f567 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 55a8 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A4F2E582-C847-8A6C-8091-2ADFBE3F572E\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922569956372 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9225421a88bd 01dc922542bd53b5 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9225d43028e5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9225af8e5403 01dc9225b0475227 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92262751a179 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92260161bd49 01dc922602262298 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92269bb751c4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9226607cb22d 01dc9226763035a5 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922710411934 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9226e4af1d7d 01dc9226e94d63db Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92281ac60d2b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9227f4d4f14b 01dc9227f4d4f14b Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9228df530376 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9228afbf2de7 01dc9228b88b962b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc922903f6e4c7 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9228de202239 01dc9228de202239 Block | File and Folder Access Attempts (program data) 5834 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
28e 01dc92295a95a46f 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc922936d0ab00 01dc922936d0ab00 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 55a8 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A4F2E582-C847-8A6C-8091-2ADFBE3F572E\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc92295a95a46f 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc922936d0ab00 01dc922936d0ab00 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 55a8 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A4F2E582-C847-8A6C-8091-2ADFBE3F572E\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9229614237bc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92293b95414b 01dc92293c6807a2 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9229dfcd7037 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9229b8db0efd 01dc9229b9752d7f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc922a151cd809 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc9229f138e232 01dc9229f138e232 Browser Restrictions | [AC13-1.2] Allow to launch system process 9d04 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc922a18727dd4 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""31256" "\\.\pipe\gecko-crash-server-pipe.31256" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1000" "1012"" Create Process 0000000000000000 01dc9229f1964caf 01dc9229f1964caf Browser Restrictions | [AC13-1.2] Allow to launch system process 7a18 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc922a6f2c9194 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922a49f6c05e 01dc922a4ab8b588 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922b29b3fc1d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922b02b22565 01dc922b038998d9 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922b54fc572f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922b3061c970 01dc922b3135d9f8 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc922c8451d428 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922c5dd608af 01dc922c5ea8f94b Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922de8bb07f1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922dc15738d7 01dc922dc1f7ccd0 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922ec4a38eb2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922e9fa51fb2 01dc922ea05d713f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922eec9e8e31 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922ec541a99d 01dc922ec609382e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922f39340285 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922f136f0382 01dc922f14084445 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc922f3fe097b3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922f19f98e6c 01dc922f19f98e6c Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
239 01dc922f3fe097b3 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Read 0000000000000000 01dc922f1b6f427c 01dc922f1b6f427c Block | File and Folder Access Attempts (Temp) 2a80 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\7B42141B-F4D3-4E2B-90CD-D486E00B0DF7\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23b 01dc922f3fe097b3 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Delete 0000000000000000 01dc922f1b6f427c 01dc922f1b6f427c Block | File and Folder Access Attempts (Temp) 2a80 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\7B42141B-F4D3-4E2B-90CD-D486E00B0DF7\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23a 01dc922f3fe097b3 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Write 0000000000000000 01dc922f1b6f427c 01dc922f1b6f427c Block | File and Folder Access Attempts (Temp) 2a80 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\7B42141B-F4D3-4E2B-90CD-D486E00B0DF7\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922fa740faeb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922f7fb30d01 01dc922f825dba3c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc922fed326a11 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922fc58c4e29 01dc922fc6809ff7 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923022761c15 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc922ffbe2d0c5 01dc922ffc836174 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
239 01dc92309a5eabf1 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Read 0000000000000000 01dc923075c23bb4 01dc923075c23bb4 Block | File and Folder Access Attempts (Temp) 6df4 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\3BA1A5BD-1432-42E7-B3BD-BC7555F20160\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23b 01dc92309a5eabf1 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Delete 0000000000000000 01dc923075c23bb4 01dc923075c23bb4 Block | File and Folder Access Attempts (Temp) 6df4 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\3BA1A5BD-1432-42E7-B3BD-BC7555F20160\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23a 01dc92309a5eabf1 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Write 0000000000000000 01dc923075c23bb4 01dc923075c23bb4 Block | File and Folder Access Attempts (Temp) 6df4 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\3BA1A5BD-1432-42E7-B3BD-BC7555F20160\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92309daeef91 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9230772010b1 01dc9230772010b1 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9231bf7a710e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923198dd3e0f 01dc9231997dbd88 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923241671066 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92321b1380f6 01dc92321bbd7d2d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92334bd82c0c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923311f8b2b3 01dc923326670ab4 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923387b615b2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92335a95bf69 01dc923363783040 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc9233c3bfdf9a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc92339f5836cc 01dc92339f5836cc Block | File and Folder Access Attempts (program data) 2110 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9233de64a98f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9233b8985415 01dc9233b9393609 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92342af23661 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9233e583e5ef 01dc92340688bcca Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923477a5c0d8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923452354a03 01dc923452d0ff1a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9234e2247ef6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9234b7be83d4 01dc9234bd0cce9a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9235fd1972a9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9235d6dd0ad9 01dc9235d7718e54 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92367f0fad64 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923658da4c8c 01dc9236597fbc99 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923725a5e0af 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9236dad84b55 01dc9236fe9e65f1 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9238581eb2ae 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923831ce98d4 01dc923833f7b902 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9238f4a9a557 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9238cd01a211 01dc9238cdbdb6fa Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
222 01dc923901fd1421 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9238dcd1a531 01dc9238dcd1a531 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92393dfa109e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923917448720 01dc92391872179e Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923a5c5db8a2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923a36ef4564 01dc923a37b3d882 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
222 01dc923b92064d54 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923b6db4edde 01dc923b6db4edde Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc923c352c419a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc923c1114ba7b 01dc923c1114ba7b Block | File and Folder Access Attempts (program data) 6ba4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc923c4929b005 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923c2283326d 01dc923c2351283e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923db0f3af78 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923d7acd9cff 01dc923d8bb292e0 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923e28e0fefb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923de74abae2 01dc923e02cf3a2f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc923e32e49931 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923e0c33354b 01dc923e0c33354b Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923ec5643645 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923e9df08407 01dc923e9eab5673 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923f72ae19e4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923f49055b22 01dc923f4d764136 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc923fbbf75b18 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923f95dc3a21 01dc923f96b6778b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
234 01dc923fe3e2781e 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc923f9d483858 01dc923fbdbe99fe Block | File and Folder Access Attempts (Public) d348 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc923fede31823 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc923fc7aa6e3c 01dc923fc87f939b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc924047bfb11b 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92401f7abffd 01dc9240234c0b6f Block | File and Folder Access Attempts (Public) 8554 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc92409799566e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9240634d9df4 01dc924071a1a065 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9240c988f992 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9240a5a71b04 01dc9240a5a71b04 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92412a22dd2a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924101fa97ee 01dc9241058be77e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9241875b4615 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92415df63b4c 01dc9241609b1c34 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9242ebc009e5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9242c5781d2a 01dc9242c618abd7 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc924370e9e379 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924331195570 01dc92434bc24ccd Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc9243779346d0 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92434b0ea4bc 01dc924353b3a2a9 Block | File and Folder Access Attempts (program data) 19e4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc9243779346d0 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92434b900057 01dc9243529b64fd Block | File and Folder Access Attempts (program data) 19e4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
23e 01dc924384eefb1a 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9243600186eb 01dc9243600186eb Block | File and Folder Access Attempts (Public) 19e4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc9243f62b4124 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9243b869f9f6 01dc9243d00a8b7d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92441ad4ddab 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9243f425bd5d 01dc9243f4f627fe Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9245ed0f155d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9245c679f4ec 01dc9245c679f4ec Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc924664f72b59 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92461ca48f0a 01dc92463fdaa7ab Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9246e39aa6a6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9246bed9f910 01dc9246bfa7f75e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92478d4e8f4c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9247622f740b 01dc9247685015d7 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9247d3305feb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9247ab5e9224 01dc9247ac27c116 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9249022ad6eb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9248dac44421 01dc9248db6c00db Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc9249162a321d 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9248f24334c6 01dc9248f24334c6 Block | File and Folder Access Attempts (program data) a5fc C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9249a20eb514 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924978d0fbf6 01dc92497b56eaa9 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc924a8e6fe074 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924a696c0612 01dc924a6a2b9e86 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc924ade689eb8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924ab899e23d 01dc924ab9938522 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc924b06635426 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924ae0a35907 01dc924ae186d595 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc924b9f8f13c6 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc924b7bc30eee 01dc924b7bc324f9 Block | File and Folder Access Attempts (Public) 96c4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc924bc0d9f280 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924b99031b77 01dc924b99cc3aaa Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc924c06cbcb25 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc924be1c81fe8 01dc924be1c81fe8 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc924c06cbcb25 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc924be1cf4582 01dc924be1cf4582 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc924c1e18b6bb 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc924bf87b98f7 01dc924bf87b98f7 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc924c46112fa6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924c1ef683bd 01dc924c20022c14 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
226 01dc924c5017130e 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc924c29d4e247 01dc924c29d4e247 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc924c8c0e3af8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924c5994c59e 01dc924c65959d16 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc924d0dd8d982 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924cd668fafa 01dc924ce9bf422f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc924d506cbe5a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924d0ff63772 01dc924d2a4a9a32 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc924de64cf9c6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924dbc97840c 01dc924dc08679f1 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc924e224a788b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924dfa87da76 01dc924dfb9430cf Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc924edceecfd3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924eb2235e8a 01dc924eb8d7d7a1 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc924f158e7802 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc924eeec853ab 01dc924eeec853ab Prevent modification of system files | [AC14-2.1] Prevent modification of system files acc0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AC22C369-9845-71DC-19DC-024A8E9A559B\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc924f158e7802 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc924eeec853ab 01dc924eeec853ab Prevent modification of system files | [AC14-2.1] Prevent modification of system files acc0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AC22C369-9845-71DC-19DC-024A8E9A559B\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc924f158e7802 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc924eeec853ab 01dc924eeec853ab Prevent modification of system files | [AC14-2.1] Prevent modification of system files acc0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AC22C369-9845-71DC-19DC-024A8E9A559B\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc924f40d6061c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924f170dcb6a 01dc924f1a26b79b Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92500bf3bb0e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924fe724c0f6 01dc924fe724c0f6 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925030c40920 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc924fe6952525 01dc92500bd95c45 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92509148b9c4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925058988130 01dc92506a67c3c0 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925162f65657 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92513e0ab3f5 01dc92513edb1aef Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92518ae4ecb6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925163a65470 01dc9251646f81a3 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9251dadc02ef 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9251b3f833f6 01dc9251b4cbbee4 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9252ba1345b7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9252962658d6 01dc9252962658d6 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925331eec6da 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9252f7b2abd8 01dc92530d8e548b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc925345f3b0ec 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92531f9a4ec2 01dc92531f9a4ec2 Prevent modification of system files | [AC14-2.1] Prevent modification of system files acc0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AC22C369-9845-71DC-19DC-024A8E9A559B\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc925345f3b0ec 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92531f9a4ec2 01dc92531f9a4ec2 Prevent modification of system files | [AC14-2.1] Prevent modification of system files acc0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AC22C369-9845-71DC-19DC-024A8E9A559B\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92542bb1dbfc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9253fd70b829 01dc925405c4d8f8 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92552c10d652 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9254fe5fe836 01dc925507af375e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92564ddbf5f4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925626881894 01dc925627647b9f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92569a68b71d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92567572f12e 01dc92567640e430 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc92571c325041 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9256f4854c1b 01dc9256f5514bdc Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc92574ad9df45 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc9257242bd857 01dc9257242bd857 Browser Restrictions | [AC13-1.2] Allow to launch system process 64d0 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc92574ad9df45 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""45500" "\\.\pipe\gecko-crash-server-pipe.45500" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "940" "948"" Create Process 0000000000000000 01dc925724c4de94 01dc925724c4de94 Browser Restrictions | [AC13-1.2] Allow to launch system process b1bc C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc92580565c0f2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9257e0dece72 01dc9257e17f5892 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc9258374b204e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc925812678263 01dc925812678263 Block | File and Folder Access Attempts (program data) 5458 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc92583a9bb4ab 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925813e47efc 01dc925814a2128a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9258da5fe757 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9258b694eab7 01dc9258b694eab7 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9259239e17bc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9258fc386b39 01dc9258fcfd9f45 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925973873ea5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92594d21ffd2 01dc92594dc00a84 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925a2aa577ee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925a05947a1c 01dc925a0663a24c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925ae536916a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925ac0092fb0 01dc925ac0f8c89e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc925b45b69398 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925b0fec158b 01dc925b1ec5a46e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc925bdb851df7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925bb62a2a62 01dc925bb62a2a62 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925d0425349c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925ccf9f40e8 01dc925cddba57d5 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc925d1edfd4a4 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc925cf8891243 01dc925cf8891243 Block | File and Folder Access Attempts (Public) 84f0 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
285 01dc925d4dd68857 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc925d29d8d3f0 01dc925d29d8d3f0 Block | File and Folder Access Attempts (program data) b3d0 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc925dab13ee62 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925d83e5f692 01dc925d84d3941a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925e1fd9726a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925dfb2a4dc5 01dc925dfc021251 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc925ebfc00264 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925e9a3f8a6b 01dc925e9b1e5ad0 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc925ed70e7c16 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925eb05b8286 01dc925eb05b8286 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925f1308d133 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925eec841569 01dc925eef42ffc9 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925f6d457191 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925f1ba89bc2 01dc925f46cd16f3 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc925fcdd96ef4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925f94561fd7 01dc925fa80d4579 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9260211c9263 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc925ffb1163a7 01dc925ffc08fbf6 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc926098ff4d0d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926071bdd07c 01dc92607290ccf4 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92617b78fda7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926155805d4d 01dc92615625b04a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9261ceb993ad 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9261a6fd2297 01dc9261a7e63dff Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9261e609f921 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9261bfe88a4e 01dc9261bfe88a4e Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9262c8c4c09d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92629ed94d86 01dc9262a3386dea Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc92634430dc0d 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc92631fb3fabd 01dc92631fb3fabd Block | File and Folder Access Attempts (program data) 6940 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc92634788a8f9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92630d65a8a6 01dc926323853829 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc926368d99a42 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc926343ef84b2 01dc926343ef84b2 Block | File and Folder Access Attempts (program data) d618 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
222 01dc926433ea87c1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92640f34f512 01dc92640f34f512 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc9264c3228c53 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc92649da491fd 01dc92649da491fd Browser Restrictions | [AC13-1.2] Allow to launch system process 451c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2ea 01dc9264c3228c53 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""16908" "\\.\pipe\gecko-crash-server-pipe.16908" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "952" "1020"" Create Process 0000000000000000 01dc92649df3a730 01dc92649df3a730 Browser Restrictions | [AC13-1.2] Allow to launch system process 420c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc9264e7bf6998 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9264b40864e6 01dc9264c1699491 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc926527132069 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926501ad04da 01dc92650290f555 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92663855fd07 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92660edbbcef 01dc926613759c68 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9266f29ab942 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9266cbd56ed7 01dc9266ccbdbd62 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc926817cd586b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9267f10fb59d 01dc9267f1cf6877 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92687878fd22 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9268519a1b4d 01dc9268528dfeb3 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9268826ee139 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92682b2bf247 01dc92685d15bd81 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc9268f3b4ac82 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9268c00ce772 01dc9268cce88053 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc926904587335 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9268df739228 01dc9268df739228 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9269366a2351 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926910a24955 01dc926911452557 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9269833ceb18 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92695ba0da23 01dc92695df5019a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc926aa1bf2c33 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926a7b8e4ee2 01dc926a7c3864ef Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc926b9543061f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926b5ba1b083 01dc926b714bcc47 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
222 01dc926bafecf817 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926b8abc96d5 01dc926b8abc96d5 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc926c9fbf3e89 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926c74ffad30 01dc926c79a1bb63 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc926d144354fa 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926ce5ffb714 01dc926cee352f1b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc926e0e2b9a0f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926de90860af 01dc926de90860af Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc926ed5ebebbf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926e50ccad78 01dc926eb0a9409d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc926f0b340da4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926ee5386605 01dc926ee5d3fa89 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc926f9640d93c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc926f6ee56c5f 01dc926f6f90276f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927089446882 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927065577125 01dc927065577125 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9270c5361719 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9270a005d7c4 01dc9270a0a17eaf Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92711866145e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9270f2f3c63a 01dc9270f2f3c63a Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92712fb0b71b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92710ab4b5b6 01dc92710b639606 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc9271405ad30a 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9271086c4db4 01dc92711a429027 Block | File and Folder Access Attempts (Public) acd8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
23e 01dc9271405ad30a 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92711bf95eb7 01dc92711bf95eb7 Block | File and Folder Access Attempts (Public) 815c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
222 01dc92714da8adec 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9271277217b3 01dc9271281ec371 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc927168544ff3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9271354c12ad 01dc92714275c949 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9272335069f9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92720c0d9e72 01dc92720cb2d65d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92726bf8ada6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92724631498d 01dc927246f5e107 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9273128663bb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9272ee23797f 01dc9272ee23797f Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92736fcf8666 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92734958d73a 01dc92734a0556d5 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc92743af0153f 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9273f6c34ae8 01dc927416594560 Block | File and Folder Access Attempts (Public) 2d44 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc92743af0153f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927403bed011 01dc9274166c6a80 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92745fab1f74 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92743ac024d0 01dc92743b763f32 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc92746cf50426 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc927447152c57 01dc927447152c57 Block | File and Folder Access Attempts (Public) 2d44 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc927516f68399 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9274ef49dc21 01dc9274eff93d03 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927595681c6d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927570c38fa4 01dc927570c38fa4 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92762b194218 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9275ea59a6bf 01dc9276070752fd Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927677c6857d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92765347637a 01dc92765347637a Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92770bb9176d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9276e6cae195 01dc9276e785b144 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cf 01dc927747a9b61c 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc927723c2ef16 01dc927723c2ef16 All Applications | [AC7-2.1] File and Folder Access Attempts 233c C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B4E7F4B-5D99-4A3B-AB77-9D0A3F483BDE}\EDGEMITMP_E480C.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d1 01dc927747a9b61c 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc927723c2ef16 01dc927723c2ef16 All Applications | [AC7-2.1] File and Folder Access Attempts 233c C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B4E7F4B-5D99-4A3B-AB77-9D0A3F483BDE}\EDGEMITMP_E480C.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d0 01dc927747a9b61c 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc927723c2ef16 01dc927723c2ef16 All Applications | [AC7-2.1] File and Folder Access Attempts 233c C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B4E7F4B-5D99-4A3B-AB77-9D0A3F483BDE}\EDGEMITMP_E480C.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e5 01dc927751a168f6 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc92772cf4577a 01dc92772cf4577a All Applications | [AC7-2.1] File and Folder Access Attempts 233c C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B4E7F4B-5D99-4A3B-AB77-9D0A3F483BDE}\EDGEMITMP_E480C.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source9020_750344128\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e7 01dc927751a168f6 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc92772cf4577a 01dc92772cf4577a All Applications | [AC7-2.1] File and Folder Access Attempts 233c C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B4E7F4B-5D99-4A3B-AB77-9D0A3F483BDE}\EDGEMITMP_E480C.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source9020_750344128\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e6 01dc927751a168f6 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc92772cf4577a 01dc92772cf4577a All Applications | [AC7-2.1] File and Folder Access Attempts 233c C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{7B4E7F4B-5D99-4A3B-AB77-9D0A3F483BDE}\EDGEMITMP_E480C.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source9020_750344128\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92779e21cd93 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9277470be24f 01dc927779737e11 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92780223507e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9277b7782dc0 01dc9277db852bfc Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc927876d2e565 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92783f2c48ad 01dc9278527ac68d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9278ca228e5d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9278a36caa27 01dc9278a457d9ad Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9278ca228e5d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9278a3983d78 01dc9278a3983d78 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
28d 01dc9278fc1e11c6 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc9278d7ac7f30 01dc9278d7ac7f30 Prevent modification of system files | [AC14-2.1] Prevent modification of system files a174 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\4F2F245B-3514-00ED-83AA-2FFF3DAC8B27\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
28e 01dc9278fc1e11c6 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc9278d7ac7f30 01dc9278d7ac7f30 Prevent modification of system files | [AC14-2.1] Prevent modification of system files a174 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\4F2F245B-3514-00ED-83AA-2FFF3DAC8B27\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
290 01dc9278fc1e11c6 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc9278d7ac7f30 01dc9278d7ac7f30 Prevent modification of system files | [AC14-2.1] Prevent modification of system files a174 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\4F2F245B-3514-00ED-83AA-2FFF3DAC8B27\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc92790970da1d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9278e4a14ea2 01dc9278e560fb8d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9279635a4359 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92793c0d2a72 01dc92793cd793c9 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927973fc75c6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92794f7ff080 01dc92794f7ff080 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9279a2a04303 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92797c65b900 01dc92797d0fbc0c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc927abd9d337b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927a972ed773 01dc927a97c82aaf Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927b88c5b259 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927b64633b66 01dc927b64633b66 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc927bcb6805b4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927ba492b977 01dc927ba54e1129 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc927d1536ac33 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927cc4f65556 01dc927cef190d54 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc927d2c92357e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc927d087d153c 01dc927d087d153c Prevent modification of system files | [AC14-2.1] Prevent modification of system files a174 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\4F2F245B-3514-00ED-83AA-2FFF3DAC8B27\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc927d2c92357e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc927d087d153c 01dc927d087d153c Prevent modification of system files | [AC14-2.1] Prevent modification of system files a174 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\4F2F245B-3514-00ED-83AA-2FFF3DAC8B27\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927d61d8221a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927d27b4fc27 01dc927d3c709b84 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc927da2049798 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927d50fa2ddc 01dc927d7cef8fc1 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927df1ea685c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927dcd6f9962 01dc927dcd6f9962 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc927e0293dff1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927ddd32425d 01dc927dddef85bb Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc927e4f1a6825 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927e275e55fe 01dc927e28086e4e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927ed43310c3 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc927ead84520d 01dc927ead84520d Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc927ed43310c3 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc927ead8917bc 01dc927ead8917bc Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc927ee832ae64 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc927ec44b69ca 01dc927ec44b69ca Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc927f210725c5 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc927efbc4419e 01dc927efbc4419e Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc927f6a57cb58 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927f287f038a 01dc927f4463d64c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc927f71091b06 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927f413eff30 01dc927f4ab621d5 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92800a7f5d3b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc927fc0494581 01dc927fe544004c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc928050745f6c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928029bd265f 01dc928029bd265f Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92808918fe42 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92805985048d 01dc928064b35c93 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92812fa5ef7b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92810ac60cc9 01dc92810bbf188a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc928236b73255 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92820fef1019 01dc928210b39348 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00222 01dc9282a49b439c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92827dfed94a 01dc92827dfed94a Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9282f7e6403e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9282d2c4a7f2 01dc9282d392b556 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92833dca0460 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928303edf788 01dc92831916fbfa Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9283d6fac06a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9283b146ceac 01dc9283b1fa5041 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc928455a1a412 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928430b09304 01dc9284315d0dd2 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92849827aff2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9284710d8065 01dc9284719f8f5a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9284eed58b55 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9284c817dd2a 01dc9284c8c92cd2 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9284f8d4eda7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9284d2f0db59 01dc9284d2f0db59 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92867e896d5c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92864df21691 01dc928657afe9ca Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9286ec742fa7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9286c49358d6 01dc9286c579628b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92873fc1a616 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92871943bf51 01dc92871943bf51 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc928749b89269 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92872391995e 01dc9287246f3a0c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92876aff836a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928744e04cdc 01dc928744e04cdc Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc928822229534 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9287fdf7fef2 01dc9287fdf7fef2 Block | File and Folder Access Attempts (program data) be78 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
222 01dc9288935cc99b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92886e91ae41 01dc92886e91ae41 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9289a47d8dfe 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92897ad56a97 01dc92897d7f7b23 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc928a0f1c548c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9289e90d6964 01dc9289e90d6964 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc928a3da7ae0d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928a18afb0e1 01dc928a19c31961 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc928b30aa77e8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928b0bd52828 01dc928b0ca1d9ab Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc928b3e0451f0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928b196ac2ce 01dc928b196ac2ce Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc928d888b4931 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928d61e0c4dc 01dc928d61e0c4dc Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc928fc25eceec 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc928f9b70e8e9 01dc928f9b70e8e9 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9291f23cd553 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9291cc7755d6 01dc9291cc7755d6 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc9291f58f64c2 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc9291d09053af 01dc9291d09053af Browser Restrictions | [AC13-1.2] Allow to launch system process a018 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc9291f58f64c2 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""36612" "\\.\pipe\gecko-crash-server-pipe.36612" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1004" "1016"" Create Process 0000000000000000 01dc9291d12b8a7b 01dc9291d12b8a7b Browser Restrictions | [AC13-1.2] Allow to launch system process 8f04 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc92933c0ec6fd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc929314090bad 01dc9293170744a5 Block Write | File and Folder Access Attempts aec8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9293f6af3993 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9293d0525ac4 01dc9293d0525ac4 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc929522ae279e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9294fc935d86 01dc9294fd3d6920 Block Write | File and Folder Access Attempts aec8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9295f7c0ab9a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9295d0f71390 01dc9295d0f71390 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc929647bea8f6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92961fed6eb5 01dc929620b4bd9b Block Write | File and Folder Access Attempts aec8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cc 01dc92966fb5a324 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc92964b9b560c 01dc92964b9dc418 Prevent modification of system files | [AC14-2.1] Prevent modification of system files cc28 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\D679C853-5500-426A-A645-8014E38569E5MpCommU\mpam-727e3daa.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cd 01dc92966fb5a324 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc92964b9d9965 01dc92964b9dc418 Prevent modification of system files | [AC14-2.1] Prevent modification of system files cc28 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\D679C853-5500-426A-A645-8014E38569E5MpCommU\mpam-727e3daa.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2c9 01dc92966fb5bb0e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc92964ba1f6ec 01dc92964ba3e675 Prevent modification of system files | [AC14-2.1] Prevent modification of system files cc28 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\9DD99B3B-4031-4FE7-A48C-62D21A7AFE03MpCommU\UpdatePlatform.exe Default LAKE$ WORKGROUP 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ce 01dc92966fb5bb0e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc92964ba35a96 01dc92964ba3e675 Prevent modification of system files | [AC14-2.1] Prevent modification of system files cc28 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\9DD99B3B-4031-4FE7-A48C-62D21A7AFE03MpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc929748158c2f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9297227bc84c 01dc92972342b65b Block Write | File and Folder Access Attempts aec8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92978ac3a48a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc929763426144 01dc929763f88487 Block Write | File and Folder Access Attempts aec8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9297eea3e49e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9297c7b4e7f0 01dc9297c7b4e7f0 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc929ccbed3e68 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc929ca3bb30dd 01dc929ca6a40f1f Block Write | File and Folder Access Attempts 6bc0 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc929d75d5d166 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc929d4f08d381 01dc929d502f602e Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc929dc5bc95ac 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc929da07b9cf6 01dc929da07b9cf6 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
234 01dc929e2641ed29 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc929e015fe3a5 01dc929e015fe3a5 Block | File and Folder Access Attempts (Public) 4dc C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
234 01dc929e36e8e9de 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc929e07cd48ae 01dc929e0fd3ddc8 Block | File and Folder Access Attempts (Public) 9398 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc929f4497107b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc929f19b5f714 01dc929f1fcb8ff0 Block Write | File and Folder Access Attempts 6bc0 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc929f6fe4c0d1 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc929f4ac92e5e 01dc929f4ac92e5e Browser Restrictions | [AC13-1.2] Allow to launch system process 4b70 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2ea 01dc929f6fe4c0d1 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""47608" "\\.\pipe\gecko-crash-server-pipe.47608" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "876" "1020"" Create Process 0000000000000000 01dc929f4b7809ef 01dc929f4b7809ef Browser Restrictions | [AC13-1.2] Allow to launch system process b9f8 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc92a03ae8919a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92a014f0b2e9 01dc92a0165e5bff Block Write | File and Folder Access Attempts 6bc0 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92a2a633ce08 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92a271ff8864 01dc92a2813e1cca Block Write | File and Folder Access Attempts 6bc0 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc92a2e559dd4b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc92a2c088655b 01dc92a2c088655b Prevent modification of system files | [AC14-2.1] Prevent modification of system files b0e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A9CE2FD4-5639-91F1-7292-3C866B724EA5\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc92a2e559dd4b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92a2c088655b 01dc92a2c088655b Prevent modification of system files | [AC14-2.1] Prevent modification of system files b0e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A9CE2FD4-5639-91F1-7292-3C866B724EA5\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc92a2e559dd4b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92a2c088655b 01dc92a2c088655b Prevent modification of system files | [AC14-2.1] Prevent modification of system files b0e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A9CE2FD4-5639-91F1-7292-3C866B724EA5\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92a30698766b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92a2e02a2864 01dc92a2e02a2864 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92a3b887c1d0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92a393303d22 01dc92a393303d22 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc92a5415edb52 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92a51897c976 01dc92a51b5667e7 Block | File and Folder Access Attempts (Public) 1270 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
28e 01dc92a716f267dc 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92a6f1585702 01dc92a6f1585702 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b0e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A9CE2FD4-5639-91F1-7292-3C866B724EA5\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc92a716f267dc 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92a6f1585702 01dc92a6f1585702 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b0e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A9CE2FD4-5639-91F1-7292-3C866B724EA5\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92a82eed6b88 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92a809b92d9e 01dc92a809b92d9e Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92a900c40663 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92a8daf4196b 01dc92a8daf4196b Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92aa65718615 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92aa3aa31cc6 01dc92aa3f298974 Block Write | File and Folder Access Attempts ae7c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc92ae7b57a0f3 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc92ae55803e45 01dc92ae55803e45 Block | File and Folder Access Attempts (program data) a448 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc92aeefed67eb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92aec8091ac1 01dc92aecbfc771e Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc92afd2446ec9 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc92afabf73cd7 01dc92afabf73cd7 Block | File and Folder Access Attempts (program data) 43c8 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc92b05e29e751 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b035fd552a 01dc92b037aed637 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b0e027a2d3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b0961a3bf2 01dc92b0b9d3f925 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92b19ad3060f 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92b176857196 01dc92b176857196 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc92b19ad3060f 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92b17687d2f3 01dc92b17687d2f3 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc92b1b23e96c3 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92b18d3567d2 01dc92b18d3567d2 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc92b1ccef9a3a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b1769e3281 01dc92b1a6dc26e2 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
226 01dc92b1e0e62fc3 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92b1bb8760c6 01dc92b1bb8760c6 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc92b1f4e36385 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b1cf94b296 01dc92b1d051f440 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b3384809e6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b2ee74a31c 01dc92b313d348a0 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b35ce9f380 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b337c44259 01dc92b33883ecb6 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b44cf27f59 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b4100a6069 01dc92b42738f3c0 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b4963f3b5c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b45f204a95 01dc92b4721cdf7f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b4be2e3ac0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b49697fe97 01dc92b4978ee152 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b550a81750 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b5188fa474 01dc92b52b74c43d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b6047a87ed 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b5de9dcfde 01dc92b5df47ece1 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b6da1870f7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b6b48e57a6 01dc92b6b5341a6c Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b70f8a6d28 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b6ea89acd2 01dc92b6eb67fa4e Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b7a5694419 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b77f5c1f64 01dc92b78016d7b7 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b7f1faa93e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b7cbec2033 01dc92b7cc87d199 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b8274932c0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b801034ec0 01dc92b80197d87d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92b852869406 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b82ca74520 01dc92b82ca74520 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b898854d27 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b85f9ad5e4 01dc92b8732d05f5 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b8d10eeb72 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b8ab4a3b70 01dc92b8ac24e08b Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b8fc7436bb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b8d674083b 01dc92b8d759ae04 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b9385dc44d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b910cd2bfe 01dc92b9116da216 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92b981a81ed4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b935d241d8 01dc92b95b45d6e0 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92b9d4e2145d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92b9962d9133 01dc92b9ae4bf60b Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ba64294521 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ba3ed8c103 01dc92ba3f79215c Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92bac80d74c5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92baa0ea46a5 01dc92baa1b3846a Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc92bad21349b0 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc92baab38e4ed 01dc92baab38e4ed Block | File and Folder Access Attempts (program data) 1390 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc92bb3fe9cb52 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bb18a186a0 01dc92bb194e01dc Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92bbb11ff715 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bb8838b028 01dc92bb8c982513 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc92bc51157684 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92bc2d19e545 01dc92bc2d19e545 Block | File and Folder Access Attempts (Public) 99a8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc92bcc5a60018 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bc8aed3d9b 01dc92bca0ec30c6 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc92bce6f07ac5 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc92bcc2a49b19 01dc92bcc2a49b19 Block | File and Folder Access Attempts (program data) 86d4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc92bcfe414d10 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bcc54145ef 01dc92bcda6b0ae5 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92bd584abad2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bd31a0dbaf 01dc92bd31a0dbaf Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92bd5b9d5194 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bd3697d6b0 01dc92bd373f883e Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92bdd02f3243 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bdab55f2f8 01dc92bdabfd9e98 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92bddd8be614 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bdb8093661 01dc92bdb8093661 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92be480c7489 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92be21606c22 01dc92be221db2b3 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92be695de82f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92be1f85ff77 01dc92be43384147 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92be80ab7cd7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92be5bd172e1 01dc92be5c8c4e8c Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92bee14b438c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bebaea6203 01dc92bebb9bb27b Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92bf2aa99ec5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bee5220ad3 01dc92bf0615d1fb Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92bf98aa4d3f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92bf73003028 01dc92bf739715ca Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92c03f1251dd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c0193a1da9 01dc92c0193a1da9 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c1c1e76a4e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c19bb60808 01dc92c19debd7ad Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c22c648055 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c206522712 01dc92c208087832 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92c2366beee7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c2121241b9 01dc92c2121241b9 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c2545675c1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c22cbac37c 01dc92c22e7659ae Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c2c26e86ed 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c29ce3a747 01dc92c29de323f1 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c3123ad11b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c2d3dfdf57 01dc92c2ee4def4b Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c3b8c3d84a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c35f8aec83 01dc92c392afd0b8 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c3e764567b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c3c1a1bd78 01dc92c3c2bea3c7 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92c4308e22f9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c409d7b89b 01dc92c409d7b89b Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c4e7b2d0d8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c4b108dfd4 01dc92c4c3013c9a Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c5738c4c39 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c54d3e06d5 01dc92c54df8e498 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c59b82a0ae 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c57305ef04 01dc92c574709221 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c5e4b86cde 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c5bf0b18c7 01dc92c5bfab7931 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92c5f203b1f8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c5cdb3dbad 01dc92c5cdb3dbad Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c67dec28dc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c656ad8e70 01dc92c6576ad584 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c6d134b9a1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c6903fe7b4 01dc92c6aadc8746 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c75345a804 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c71737c0c8 01dc92c72d7f696b Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92c7bdba9e24 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c79727b83c 01dc92c79727b83c Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c7dbaf19fa 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c79101df37 01dc92c7b653be44 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c83fd173b8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c81adb007e 01dc92c81bb00708 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c8b452d7fc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c88d12a172 01dc92c88de5677b Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92c8c19f86e1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c891e9e3a9 01dc92c89d97a277 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc92c9223dec8e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92c8fd90faf6 01dc92c8fd9a858b Block | File and Folder Access Attempts (program data) d37c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92c9223dec8e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92c8fd90faf6 01dc92c8fda8e536 Block | File and Folder Access Attempts (program data) d37c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc92c925916681 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c8fd9f5aa6 01dc92c8febd5e68 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c9618c9057 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c93b8ef352 01dc92c93c49c766 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92c9d2dbda9b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c9abd33978 01dc92c9ac18af56 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92c9d2dbda9b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92c9ad740c4b 01dc92c9ae2c84b0 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ca308a54ea 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ca0b75f302 01dc92ca0c43f18f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cf 01dc92ca3a8e5128 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc92ca14ddd7b0 01dc92ca14ddd7b0 All Applications | [AC7-2.1] File and Folder Access Attempts 39ac C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{82FAA58E-1D1F-4C78-8CB3-B075CFF73296}\EDGEMITMP_7AD07.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d1 01dc92ca3a8e5128 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc92ca14ddd7b0 01dc92ca14ddd7b0 All Applications | [AC7-2.1] File and Folder Access Attempts 39ac C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{82FAA58E-1D1F-4C78-8CB3-B075CFF73296}\EDGEMITMP_7AD07.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d0 01dc92ca3a8e5128 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc92ca14ddd7b0 01dc92ca14ddd7b0 All Applications | [AC7-2.1] File and Folder Access Attempts 39ac C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{82FAA58E-1D1F-4C78-8CB3-B075CFF73296}\EDGEMITMP_7AD07.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e7 01dc92ca448ad9ea 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc92ca1fc2e98a 01dc92ca1fc2e98a All Applications | [AC7-2.1] File and Folder Access Attempts 39ac C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{82FAA58E-1D1F-4C78-8CB3-B075CFF73296}\EDGEMITMP_7AD07.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source14764_1125490420\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e9 01dc92ca448ad9ea 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc92ca1fc2e98a 01dc92ca1fc2e98a All Applications | [AC7-2.1] File and Folder Access Attempts 39ac C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{82FAA58E-1D1F-4C78-8CB3-B075CFF73296}\EDGEMITMP_7AD07.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source14764_1125490420\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e8 01dc92ca448ad9ea 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc92ca1fc2e98a 01dc92ca1fc2e98a All Applications | [AC7-2.1] File and Folder Access Attempts 39ac C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{82FAA58E-1D1F-4C78-8CB3-B075CFF73296}\EDGEMITMP_7AD07.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source14764_1125490420\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
298 01dc92cabcf9957d 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc92ca98dcb946 01dc92ca98dcb946 Block | File and Folder Access Attempts (program data) d0b8 C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260131.002\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
223 01dc92cacd962d60 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92caa8429fb1 01dc92caa9394711 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92cb20c5ce57 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92caebbe1a00 01dc92cafcf710fa Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92cb52a8a348 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92cb2c1ec62b 01dc92cb2ce525e2 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92cbb6874c36 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92cb91721693 01dc92cb92176984 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92cc0d116628 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92cbd377ecc0 01dc92cbe74495bb Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92cc6aa0c41d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92cc45b02f71 01dc92cc465f0deb Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
35d 01dc92cca3274265 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc92cc7cf31796 01dc92cc7cf31796 Browser Restrictions | [AC13-1.2] Allow to launch system process c498 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc92cca3274265 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""52684" "\\.\pipe\gecko-crash-server-pipe.52684" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "948" "944"" Create Process 0000000000000000 01dc92cc7da20a39 01dc92cc7da20a39 Browser Restrictions | [AC13-1.2] Allow to launch system process cdcc C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
28d 01dc92ccce6a7efa 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc92cca96b99cb 01dc92cca96b99cb Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1ea0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F0AD2366-2330-EC9A-A9C0-6004EABDCD85\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc92ccce6a7efa 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92cca96b99cb 01dc92cca96b99cb Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1ea0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F0AD2366-2330-EC9A-A9C0-6004EABDCD85\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc92ccce6a7efa 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92cca96b99cb 01dc92cca96b99cb Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1ea0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F0AD2366-2330-EC9A-A9C0-6004EABDCD85\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ccd518cda4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92cc997929a0 01dc92ccae3dae5d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92cf0804b961 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92cede685b6a 01dc92cee28863fc Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
222 01dc92cfe731216d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92cfc2c5a7cb 01dc92cfc2c5a7cb Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d00f1b4e0b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92cfe7e7343b 01dc92cfe89f9ac2 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d033b82e1d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d00d4c9d9e 01dc92d00e2b920f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92d06c4031e9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d047da9926 01dc92d047da9926 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d0a4cf3056 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d07e3bb720 01dc92d07ed4ea9e Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc92d0fea6c16d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92d0da357392 01dc92d0da357392 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1ea0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F0AD2366-2330-EC9A-A9C0-6004EABDCD85\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc92d0fea6c16d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92d0da357392 01dc92d0da357392 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1ea0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F0AD2366-2330-EC9A-A9C0-6004EABDCD85\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d129f29a4a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d0f1041721 01dc92d10407bf9a Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92d173291077 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d12f1fbfd7 01dc92d14f13c059 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d255ac647b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d22ea49dbb 01dc92d22f622f59 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d2a235c4d0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d25a6384f1 01dc92d27c88ac94 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92d2b97c876f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d294105ebf 01dc92d294198c77 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d2e17ae5c3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d2bb29ad3d 01dc92d2bc134285 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d320c18083 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d2fa4175d2 01dc92d2fae1dfb5 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d34f4129d2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d32769f7e7 01dc92d328640271 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d39f2faa20 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d35043e0fc 01dc92d37a42b6a1 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d413a9df9f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d3ec2e2ea4 01dc92d3ed03411e Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d4743c60ec 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d4395eddf0 01dc92d44d783ae9 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d4b6e94271 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d48fb206bf 01dc92d4908c213b Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc92d55d5c64e8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d5379af16e 01dc92d538342a35 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d5889cd2df 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d56104dc85 01dc92d561cbb543 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d5fd224472 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d5b37c8fea 01dc92d5d817f93d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d664540c7e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d63de4e57e 01dc92d63ea6e2ef Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc92d667ab1861 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92d643022b0a 01dc92d64303d9bd Block | File and Folder Access Attempts (program data) 1ff4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc92d71b7de2ec 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d6f5db12bc 01dc92d6f68043ae Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d7ea4b2e0e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d737300607 01dc92d7c5b88199 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d818eb4995 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d7f2cf06b6 01dc92d7f36f6f29 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d929cfc784 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d904907301 01dc92d9054b638e Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d96fabeecb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d93317f21f 01dc92d949ce2359 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92d9aef332d1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d98a450505 01dc92d98aeaee66 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92da163d9e9d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92d9f07638ce 01dc92d9f168274f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc92da1ce99ea4 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc92d9f6693c33 01dc92d9f6693c33 Browser Restrictions | [AC13-1.2] Allow to launch system process bde4 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc92da1ce99ea4 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""14492" "\\.\pipe\gecko-crash-server-pipe.14492" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1020" "1008"" Create Process 0000000000000000 01dc92d9f70751df 01dc92d9f70751df Browser Restrictions | [AC13-1.2] Allow to launch system process 389c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc92da702918f4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92da48a1cc80 01dc92da49665f58 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92dac6d8da5b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92da8bb838ae 01dc92daa2ef2d6e Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc92dad0dbe6ce 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc92daac8ddd34 01dc92daac8ddd34 Block | File and Folder Access Attempts (program data) 67bc C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260131.002\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
223 01dc92db3b758ed2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92db16607c3a 01dc92db176a9dee Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92db70c6770a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92db49b17c70 01dc92db4ab92327 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92db741289bb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92db4f5c5de3 01dc92db502f918b Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92dbfcb2b457 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92dbd595b77e 01dc92dbd698b539 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92dc4954e26b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92dc21e9fd67 01dc92dc22ba6be3 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92dccb489002 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92dca57f3a55 01dc92dca57f3a55 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
214 01dc92dcf34175be 1f6 0 1 0 - Caller SHA256=5a30be379375544e4e6a14fd947373ff006e91fa751d441d7fd166143c2cc1b9 File Read 0000000000000000 01dc92dccf5d3ad3 01dc92dccf5d3ad3 Block | File and Folder Access Attempts (Public) a9b0 C:\Windows\System32\RuntimeBroker.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
0
223 01dc92dd753f6be0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92dd4e68ac02 01dc92dd4f38a15a Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ddcbd72b47 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92dda66306c6 01dc92dda711e2c3 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92de2261d1fb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ddfcdf09ad 01dc92ddfdbdcaec Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92df6f9e27a1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92df4918b79d 01dc92df49b6cbb6 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
238 01dc92dfa18d6fb0 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92df7b0ebb29 01dc92df7b0ebb29 Block | File and Folder Access Attempts (system32) 2020 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Windows\SysWOW64\mstsc.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc92dfe0bef764 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92dfb66b7d91 01dc92dfba3863d2 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e0629559fa 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e03b5791ae 01dc92e03c2a639d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e0fbb66651 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e0d4d4bf44 01dc92e0d5fc9846 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e16992bce0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e143873fb6 01dc92e14433c052 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e2454de9b7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e21fdaf22a 01dc92e2208eaf07 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e2f9691223 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e2d1ce4196 01dc92e2d29eb651 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e32eb79e0c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e309cc39e4 01dc92e30ad0df20 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
222 01dc92e3b41a4674 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e375f314bf 01dc92e38fcd79b5 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e3b76f3ff5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e3929e7a3f 01dc92e39389a617 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92e461dc97e6 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92e43d35cb5f 01dc92e43d35cb5f Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc92e461dc97e6 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92e43d41c588 01dc92e43d41c588 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc92e479330c52 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92e45351e3f1 01dc92e45351e3f1 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc92e47fea056f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e438b1da7e 01dc92e45ad84d22 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc92e4974da343 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92e472043009 01dc92e472043009 Block | File and Folder Access Attempts (program data) 6468 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92e4a184e100 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92e47d2f2eb6 01dc92e47d340526 Block | File and Folder Access Attempts (program data) ba20 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
226 01dc92e4a83dbd8e 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92e483acf374 01dc92e483acf374 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc92e4b2461012 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e48da4c300 01dc92e48e5fae7d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e519e81d2c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e4e2337bbb 01dc92e4f5f9b868 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
259 01dc92e531478203 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92e50cc0aef4 01dc92e50cc7d3a1 Block | File and Folder Access Attempts (program data) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\ProgramData\regid.1991-06.com.microsoft Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc92e5d4861d1b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e5ad328424 01dc92e5adc97960 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e61718b593 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e5f159f44d 01dc92e5f227ea55 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e674512d88 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e6408f7a48 01dc92e64ed27da7 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e6f95749f5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e6b8df5895 01dc92e6d48253c4 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e7bdcd0d4e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e74a6b4fa3 01dc92e7977da47f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e7ec5e343f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e7c6c70273 01dc92e7c7605577 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e88c65a59c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e842df01ea 01dc92e867322aea Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc92e8c1a93c93 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e88cf7d63f 01dc92e89cbebfc9 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92e91ee4e1f5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e8fa5d0365 01dc92e8fa5d0365 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92e9438de775 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92e91f01a63c 01dc92e91f9fcc2d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ea2fe7a3e1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ea091538c0 01dc92ea0a6971eb Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92eaf17c1772 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92eab8303479 01dc92eacca6ed1f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92eb7d7baf9b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92eb57bee57d 01dc92eb586dbc5c Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc92ec169169fd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ebf1b344aa 01dc92ebf253bcbe Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ec73c9ca89 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ec4ede7fa8 01dc92ec4fad21f4 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92ec9bbd21c5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ec774991e0 01dc92ec774991e0 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ed3ed78a5e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ed19262808 01dc92ed19eacb5f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ede8ab1890 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92edc33e7cae 01dc92edc3e6289a Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ee2eacd475 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92edf3fd47bb 01dc92ee09ecefd7 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92ee74c0613d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ee4f7c681d 01dc92ee503fb7d1 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc92ef5a6c2ef6 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef34af97b6 01dc92ef34b1fa35 Block | File and Folder Access Attempts (program data) 7b18 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92ef5a6c2ef6 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef34b1fa35 01dc92ef34b46950 Block | File and Folder Access Attempts (program data) 7b18 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc92ef5db94221 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef377f6ae5 01dc92ef3780e561 Block | File and Folder Access Attempts (program data) ce00 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92ef5db94221 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef377f96d8 01dc92ef37830c4e Block | File and Folder Access Attempts (program data) ce00 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc92ef7f140306 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef5940d0a5 01dc92ef594594c7 Block | File and Folder Access Attempts (program data) f20 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc92ef826783e4 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef5bd790a3 01dc92ef5bd8d091 Block | File and Folder Access Attempts (program data) ce00 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc92ef826783e4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ef5d26ecfb 01dc92ef5df29fce Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc92efa080ce71 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef7b95f0cd 01dc92ef7b95f0cd Block | File and Folder Access Attempts (program data) 69cc C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92efaa7ef184 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef83b4806e 01dc92ef83b4806e Block | File and Folder Access Attempts (program data) 3504 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92efaa7ef184 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef84469d03 01dc92ef84469d03 Block | File and Folder Access Attempts (program data) ce00 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc92efaa7ef184 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef850fe2e4 01dc92ef851244a2 Block | File and Folder Access Attempts (program data) 1d10 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92efaa7ef184 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef850fe2e4 01dc92ef8514a774 Block | File and Folder Access Attempts (program data) 1d10 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92efadd438ec 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92ef89fe4d38 01dc92ef8a00af72 Block | File and Folder Access Attempts (program data) f20 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92efd27ffc25 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92efac3a2463 01dc92efac3a2463 Block | File and Folder Access Attempts (program data) 7b18 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92efd920c2c0 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92efb4c01a2c 01dc92efb4c04515 Block | File and Folder Access Attempts (program data) e290 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92efdc784142 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92efb6308ef2 01dc92efb82c6314 Block | File and Folder Access Attempts (program data) ce00 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92efdfcfb8e4 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92efbb7bf5e7 01dc92efbb7bf5e7 Block | File and Folder Access Attempts (program data) 3504 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc92eff07e3ea0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92efcbb14414 01dc92efcc5b5bd0 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc92f0047ae63e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92efdeec28d9 01dc92efdeec28d9 Block | File and Folder Access Attempts (program data) e290 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92f0047ae63e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92efdf280d1a 01dc92efdf2a6f79 Block | File and Folder Access Attempts (program data) 326c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92f033139cb9 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92f00f21966f 01dc92f00f21966f Block | File and Folder Access Attempts (program data) a4f8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc92f0b196a25a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f07cfcd1e5 01dc92f08bd34994 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f154b9a933 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f111c362dc 01dc92f12dce4b5f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92f189fb87e4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f16363f2a0 01dc92f164179c6f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f1dd2df8bc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f195cd4a92 01dc92f1b7e487de Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f2804a3c9e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f25ab04a8c 01dc92f25b558ca2 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f32a2b2df3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f2d3e5dee0 01dc92f3049a7a3f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f55669b933 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f5153b690f 01dc92f530596a84 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc92f5b6e85fb7 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc92f5930466e7 01dc92f5930466e7 Block | File and Folder Access Attempts (program data) 54d4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc92f5ba3bc669 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f58bbac063 01dc92f596111b4f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f63bf1f79a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f61507ff50 01dc92f615a86848 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f663fb5513 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f63caf1ca7 01dc92f63d5baef4 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc92f688a06f60 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc92f6649e1fa0 01dc92f6649e1fa0 Block | File and Folder Access Attempts (program data) 8c88 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
222 01dc92f6ad3e6b9a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f6876910d2 01dc92f6876910d2 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc92f6b732a5c0 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc92f692354f0a 01dc92f692354f0a Prevent modification of system files | [AC14-2.1] Prevent modification of system files a350 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\0E1C1082-B868-5958-2B30-06436CCF5E7F\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc92f6b732a5c0 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92f692354f0a 01dc92f692354f0a Prevent modification of system files | [AC14-2.1] Prevent modification of system files a350 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\0E1C1082-B868-5958-2B30-06436CCF5E7F\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc92f6b732a5c0 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92f692354f0a 01dc92f692354f0a Prevent modification of system files | [AC14-2.1] Prevent modification of system files a350 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\0E1C1082-B868-5958-2B30-06436CCF5E7F\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f6cb2fdf4b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f682865eaf 01dc92f6a4e7d6e7 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f6efd16b93 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f6c8d44488 01dc92f6c9963c62 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92f77510bc3a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f73263ff61 01dc92f74f704d71 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f83615fc5c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f80f17f1c1 01dc92f80fd52020 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92f878af0a02 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f8529a4e4f 01dc92f85439b029 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f8cf4a6314 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f8944cb257 01dc92f8aa159f1a Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92f92c9cb3b3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f8fb50ae32 01dc92f9067f4ae6 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f939ea7402 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f8fcde8df8 01dc92f9133bf8b4 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92f9a46c7a42 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f97beff5fc 01dc92f97ecc7dc1 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92f9ae68a3ab 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f92bc06ddc 01dc92f989512d7c Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
239 01dc92f9c5b703ec 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Read 0000000000000000 01dc92f9a138927a 01dc92f9a139449a Block | File and Folder Access Attempts (Temp) a360 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\9604B185-B874-40C1-A4B2-3918715904F3\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23b 01dc92f9c5b703ec 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Delete 0000000000000000 01dc92f9a138927a 01dc92f9a138927a Block | File and Folder Access Attempts (Temp) a360 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\9604B185-B874-40C1-A4B2-3918715904F3\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23a 01dc92f9c5b703ec 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Write 0000000000000000 01dc92f9a138927a 01dc92f9a139449a Block | File and Folder Access Attempts (Temp) a360 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\9604B185-B874-40C1-A4B2-3918715904F3\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92f9fe51169c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92f9d9dfd573 01dc92f9da7b8d6d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92fa623a0e74 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fa3b377fda 01dc92fa3bd5aafa Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92fa8d6cff74 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fa68181a16 01dc92fa68b89ea7 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92fab5625968 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fa8e14af00 01dc92fa8ec5fed4 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
239 01dc92fabf5efb17 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Read 0000000000000000 01dc92fa9b2a7828 01dc92fa9b2a7828 Block | File and Folder Access Attempts (Temp) d8d8 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\46F615A1-A25B-43EB-9761-B50B43F1A11E\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23b 01dc92fabf5efb17 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Delete 0000000000000000 01dc92fa9b2a7828 01dc92fa9b2a7828 Block | File and Folder Access Attempts (Temp) d8d8 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\46F615A1-A25B-43EB-9761-B50B43F1A11E\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23a 01dc92fabf5efb17 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Write 0000000000000000 01dc92fa9b2a7828 01dc92fa9b2a7828 Block | File and Folder Access Attempts (Temp) d8d8 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\46F615A1-A25B-43EB-9761-B50B43F1A11E\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc92fae748d9b8 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92fac3086995 01dc92fac3086995 Prevent modification of system files | [AC14-2.1] Prevent modification of system files a350 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\0E1C1082-B868-5958-2B30-06436CCF5E7F\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
290 01dc92fae748d9b8 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc92fac3086995 01dc92fac3086995 Prevent modification of system files | [AC14-2.1] Prevent modification of system files a350 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\0E1C1082-B868-5958-2B30-06436CCF5E7F\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc92fbf87cf401 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fbd108d7ba 01dc92fbd1cfb6b0 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc92fbff2b4963 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92fbd9c295d9 01dc92fbd9c295d9 Block | File and Folder Access Attempts (program data) 6044 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc92fc027d24a1 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92fbdcd4be55 01dc92fbdcd4ea9c Block | File and Folder Access Attempts (program data) e98c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc92fc05d466ce 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92fbdfa3cfbe 01dc92fbdfa3cfbe Block | File and Folder Access Attempts (program data) 6044 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
238 01dc92fc092462d3 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92fbe2aa76f0 01dc92fbe41c5409 Block | File and Folder Access Attempts (system32) 6aac C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Windows\SysWOW64\mstsc.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
26a 01dc92fc311bea0f 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92fc0c3aee1e 01dc92fc0c3aee1e Block | File and Folder Access Attempts (program data) 9f4c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc92fc3471217b 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92fc0dd94092 01dc92fc0dd94092 Block | File and Folder Access Attempts (program data) e98c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc92fd56ce52b1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fd0d614432 01dc92fd30beb581 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92fd8c2aec96 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fd658fe840 01dc92fd6649bc31 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc92fde2bab80a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fdab53e59f 01dc92fdbdb5a1c3 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92fe3963d95a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fe12b73b9a 01dc92fe1382cd1f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92fe6b4ec4d6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fe45ca6acc 01dc92fe46915a91 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92fe96a5ce78 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fe71260fa2 01dc92fe71cab0c3 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92fef74a28b3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92fecf9c4769 01dc92fed0747919 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92ff4dd55c71 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ff271cc220 01dc92ff271cc220 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc92ff57d65ed0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ff313c8fc9 01dc92ff31e6bfc5 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92ff7c7b0a5f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ff564d0dcd 01dc92ff56f4c504 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92ffb50cd9cc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92ff907e5cb6 01dc92ff907e5cb6 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93004ae9ec15 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93002241e651 01dc9300245807ba Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930090d29262 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93006c445f87 01dc93006cfae39d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9300dd4da280 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930092759903 01dc9300b867a6a4 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc93012685e0c4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9300f2f1a2a0 01dc9301028b89f5 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9301eadabf2e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9301c60e50b7 01dc9301c6b861d8 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9302340cacfe 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9301f6087429 01dc93020f818519 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9302841ee6cf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93024443f0cb 01dc93025e05f17f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9302eb5d25b3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9302c3d8b746 01dc9302c4952b11 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9302f5604d9e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9302cefdba53 01dc9302cefdba53 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc930334ad59d1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9302eeb922f5 01dc93031051c0e6 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc930342048936 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93031ad69ce8 01dc93031b71eecc Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930391f299bd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930341ef0061 01dc93036b8aeeea Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93042e67732a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9303b8268e0e 01dc930407d4ccb9 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9304ec5cbd77 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930470f9a8ad 01dc9304c5833709 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93053c5d84f3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930517b2ef20 01dc9305187c4665 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
222 01dc9305a6dd5b92 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930561b9804a 01dc930580113280 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9306181ee69d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9305f23b57ee 01dc9305f2a25ae9 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93073248210c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930704a9e888 01dc93070b6cdce2 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc9307504e9cd3 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc9307295a018b 01dc9307295a018b Browser Restrictions | [AC13-1.2] Allow to launch system process eb14 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc9307504e9cd3 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""10316" "\\.\pipe\gecko-crash-server-pipe.10316" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1004" "1016"" Create Process 0000000000000000 01dc930729e01617 01dc930729e01617 Browser Restrictions | [AC13-1.2] Allow to launch system process 284c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc930774eb7487 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93071020021b 01dc93074e9d2906 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9307c17e4800 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93078a17d68c 01dc93079b840774 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930846b5d773 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93080ec79ff7 01dc930820a53136 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93086b5e7ed0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9308458802fe 01dc930846261798 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9308be9a8a7c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930897301743 01dc930897f6e687 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9308f72de5cc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9308d15befa9 01dc9308d1f9e809 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9309a7d8bdb6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930935a0c6db 01dc930983ca7d00 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc930a51b9c209 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930a2b0c427d 01dc930a2b0c427d Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930a625a68ab 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930a3bd60723 01dc930a3c78c96d Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930ad38f98c0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930a89886e04 01dc930aaf325b3f Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930b236b1be8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930ae1fd2b00 01dc930afd620fb8 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930b52074fea 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930b2bd4a6cb 01dc930b2c7ed653 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930c55d74045 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930c30a10e40 01dc930c314b1838 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc930c668b54c1 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc930c42715c76 01dc930c42715c76 Block | File and Folder Access Attempts (program data) c614 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc930ca275ee6c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930c6cac597f 01dc930c7e6259d6 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930ccdb90c88 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930ca7a5301b 01dc930ca84f4e32 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc930dacbfda04 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930d85a95878 01dc930d863deb4c Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc930ee251571a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc930e4121ddba 01dc930ebe34d889 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9310a0435163 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93107ad337c2 01dc93107ad337c2 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9311078629b3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9310e1c9a1cd 01dc9310e27866f0 Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc931178b38e2e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc931134ce72b1 01dc931152c5e6bf Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc9312f7e46c09 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9312d37b8146 01dc9312d37b8146 Block | File and Folder Access Attempts (program data) 81e8 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
35d 01dc9314c9f659fe 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc9314a372515a 01dc9314a372515a Browser Restrictions | [AC13-1.2] Allow to launch system process 9ba8 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc9314c9f659fe 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""28464" "\\.\pipe\gecko-crash-server-pipe.28464" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1004" "1016"" Create Process 0000000000000000 01dc9314a40e1202 01dc9314a40e1202 Browser Restrictions | [AC13-1.2] Allow to launch system process 6f30 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc93156660e82d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93153e8a9758 01dc931541241cbd Block Write | File and Folder Access Attempts a96c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc931688b51bbe 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93166448e442 01dc93166448e442 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9316fd4a2e2b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9316d22783f7 01dc9316d670c0bd Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93172f440c17 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9317091f4646 01dc9317091f4646 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc93172f440c17 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc931709240b27 01dc931709240b27 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
222 01dc931732b124e5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc931701df5cbb 01dc93170c5c1f1d Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
226 01dc9317435d9609 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93171ecf21c4 01dc93171ecf21c4 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc931772016e5d 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93174c8ef78e 01dc93174c8ef78e Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
222 01dc93190861899d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9318e287c9e5 01dc9318e2da79ee Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93195855a151 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93193292a1ff 01dc9319334af5ad Block Write | File and Folder Access Attempts 89c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc931a7d638398 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc931a41c72ce7 01dc931a5677e51c Block Write | File and Folder Access Attempts 89c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc931abca42c6f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc931a94fc4be6 01dc931a95a19450 Block Write | File and Folder Access Attempts 89c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc931ae140a9df 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc931ab9e612ca 01dc931aba88de56 Block Write | File and Folder Access Attempts 89c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc931cd840f8eb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc931add661de2 01dc931cb33e3ada Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cf 01dc931dfd39bb2e 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc931dd6b1c525 01dc931dd6b1c525 All Applications | [AC7-2.1] File and Folder Access Attempts b6b4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CCEC0D41-53CA-4A44-9FB1-8879AFA07599}\EDGEMITMP_70EB6.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d1 01dc931dfd39bb2e 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc931dd6b1c525 01dc931dd6b1c525 All Applications | [AC7-2.1] File and Folder Access Attempts b6b4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CCEC0D41-53CA-4A44-9FB1-8879AFA07599}\EDGEMITMP_70EB6.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d0 01dc931dfd39bb2e 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc931dd6b1c525 01dc931dd6b1c525 All Applications | [AC7-2.1] File and Folder Access Attempts b6b4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CCEC0D41-53CA-4A44-9FB1-8879AFA07599}\EDGEMITMP_70EB6.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e7 01dc931e03e54e5d 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc931ddfe45fc1 01dc931ddfe45fc1 All Applications | [AC7-2.1] File and Folder Access Attempts b6b4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CCEC0D41-53CA-4A44-9FB1-8879AFA07599}\EDGEMITMP_70EB6.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source46772_1545456098\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e9 01dc931e03e54e5d 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc931ddfe45fc1 01dc931ddfe45fc1 All Applications | [AC7-2.1] File and Folder Access Attempts b6b4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CCEC0D41-53CA-4A44-9FB1-8879AFA07599}\EDGEMITMP_70EB6.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source46772_1545456098\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e8 01dc931e03e54e5d 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc931ddfe45fc1 01dc931ddfe45fc1 All Applications | [AC7-2.1] File and Folder Access Attempts b6b4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CCEC0D41-53CA-4A44-9FB1-8879AFA07599}\EDGEMITMP_70EB6.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source46772_1545456098\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc931f89a5ac01 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc931f65058b73 01dc931f65058b73 Block | File and Folder Access Attempts (program data) 21b4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
28d 01dc9320a146e7e4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc93207b145c06 01dc93207b145c06 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 5b78 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E84E493E-ABE3-6071-AEE1-011AB8BBAEBC\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc9320a146e7e4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93207b145c06 01dc93207b145c06 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 5b78 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E84E493E-ABE3-6071-AEE1-011AB8BBAEBC\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc9320a146e7e4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93207b145c06 01dc93207b145c06 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 5b78 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E84E493E-ABE3-6071-AEE1-011AB8BBAEBC\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9321e0e150cd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9321b8b25cd7 01dc9321bb857031 Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9323ffc2886d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9323d988f010 01dc9323da502964 Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc9324a31b055c 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93247f0fa7ec 01dc93247f0fa7ec Block | File and Folder Access Attempts (program data) 966c C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
28e 01dc9324d1b47d12 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc9324abe29fee 01dc9324abe29fee Prevent modification of system files | [AC14-2.1] Prevent modification of system files 5b78 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E84E493E-ABE3-6071-AEE1-011AB8BBAEBC\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc9324d1b47d12 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc9324abe29fee 01dc9324abe29fee Prevent modification of system files | [AC14-2.1] Prevent modification of system files 5b78 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E84E493E-ABE3-6071-AEE1-011AB8BBAEBC\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9327fe670ba2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9327d791ea75 01dc9327d85d8d86 Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
246 01dc932840f47b7f 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93281b4075a2 01dc93281b4075a2 Block | File and Folder Access Attempts (Temp) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\Temp\4D4E821E-D444-4B33-AE20-57FB7551E806\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 2a138 00000002 00000000000000000000000000000000 00000000
223 01dc9328f1873a5d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9328cc4328bd 01dc9328cd09d9fe Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93290f7f51a5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9328e449faff 01dc9328e927ad10 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc932958f7150a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93291f082d0f 01dc932933fafb2b Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc93298454b0d4 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93295e5a07c4 01dc93295e5a07c4 Block | File and Folder Access Attempts (program data) 96c4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc932a8826b7b0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc932a5d95db6f 01dc932a614dd37c Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc932ad1759e35 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc932aabc0cce3 01dc932aac7e021b Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc932d680d0bf3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc932d3bfe76af 01dc932d41fc20ed Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc932ebf6f5190 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc932e9b761c24 01dc932e9b761c24 Block | File and Folder Access Attempts (program data) 7b04 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
285 01dc932edd7049e5 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc932eb6b9d3ca 01dc932eb6b9d3ca Block | File and Folder Access Attempts (program data) a7a0 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc932f694c12c4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc932f42913c99 01dc932f4340351b Block Write | File and Folder Access Attempts 5c14 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc932fb94451da 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc932f925f7c77 01dc932f925f7c77 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93319c431621 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc933175b03d89 01dc933175b03d89 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9334a4c2eaa2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93347c3c6c6d 01dc93347fab8199 Block Write | File and Folder Access Attempts 9f74 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc933598196f49 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc933571c8dfa1 01dc933572a2a6b4 Block Write | File and Folder Access Attempts 9f74 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc933aa103b7ab 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc933a7a98afcb 01dc933a7a98afcb Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
222 01dc933bf8039e23 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc933bd4302aa4 01dc933bd4302aa4 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc933d3deacf80 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc933cf15f275f 01dc933d18b93ff7 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc933d8a737acb 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc933d643d2727 01dc933d643d2727 Block | File and Folder Access Attempts (program data) 40e8 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc933eb280eacc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc933e88c7b03a 01dc933e8b76b97c Block Write | File and Folder Access Attempts 86ac C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc933f05bc7d42 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc933eda8b771a 01dc933ee0f624a1 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc933f843f4cee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc933f470535de 01dc933f5dfd998f Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
234 01dc933fd439b5ac 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc933fae8b5eea 01dc933fae8b5eea Block | File and Folder Access Attempts (Public) a5a0 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
0
222 01dc9340e21b8afe 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9340bda49e36 01dc9340bda49e36 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc9341995938ef 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9341754b6dda 01dc9341754b6dda Block | File and Folder Access Attempts (program data) 78c0 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
222 01dc9341c4a751f3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9341961a033f 01dc93419dc73803 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9341c7fbeb70 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93419f95bf23 01dc9341a303b9e5 Block Write | File and Folder Access Attempts 87c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc9341f9fc9e41 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc9341d5b1d5a8 01dc9341d5b1d5a8 Browser Restrictions | [AC13-1.2] Allow to launch system process 3f0c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc9341fd535573 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""10296" "\\.\pipe\gecko-crash-server-pipe.10296" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "940" "928"" Create Process 0000000000000000 01dc9341d6464115 01dc9341d6464115 Browser Restrictions | [AC13-1.2] Allow to launch system process 2838 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc934307eeedcd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9342e342eb82 01dc9342e3fb9e1c Block Write | File and Folder Access Attempts 87c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc934329380d07 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9342fa2d5a9e 01dc934304059fe2 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9343ae6d6236 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc934380481f1d 01dc934388435a5d Block Write | File and Folder Access Attempts 87c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc9344303fc911 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93440b433823 01dc93440b433823 Block | File and Folder Access Attempts (program data) d014 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93463e6ae2f5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9346181737ef 01dc934618abc8c3 Block Write | File and Folder Access Attempts 87c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc9347c091cc43 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93479b0beed4 01dc93479b0beed4 Block | File and Folder Access Attempts (program data) 2474 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc93483f048e5f 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93481b0eed64 01dc93481b0eed64 Block | File and Folder Access Attempts (program data) 44f4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc93486059149a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93483bff5223 01dc93483bff5223 Block | File and Folder Access Attempts (program data) a8d8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
222 01dc9349f71ef6f0 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9349d09e009e 01dc9349d09e009e Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc9349f71f460e 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9349d0a35d4b 01dc9349d0a35d4b Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc934a0ed78a39 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9349e7f8ceb4 01dc9349e7f8ceb4 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc934a4b12bd77 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc934a241bd579 01dc934a241bd579 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
28d 01dc934a8a6d25a4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc934a63ec7112 01dc934a63ec7112 Prevent modification of system files | [AC14-2.1] Prevent modification of system files c4e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F8907BA5-5A9E-161B-F4DD-630418C0213C\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc934a8a6d25a4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc934a63ec7112 01dc934a63ec7112 Prevent modification of system files | [AC14-2.1] Prevent modification of system files c4e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F8907BA5-5A9E-161B-F4DD-630418C0213C\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc934a8a6d25a4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc934a63ec7112 01dc934a63ec7112 Prevent modification of system files | [AC14-2.1] Prevent modification of system files c4e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F8907BA5-5A9E-161B-F4DD-630418C0213C\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc934ab5d25925 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc934a91d6c5ad 01dc934a91d6c5ad Block | File and Folder Access Attempts (program data) 5254 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc934ad0814a3d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc934aa51fbe6d 01dc934aa99b79a4 Block Write | File and Folder Access Attempts d41c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc934ad731c111 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc934ab1c7f0fc 01dc934ab1c7f0fc Block | File and Folder Access Attempts (program data) 2824 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
234 01dc934b91ba7619 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc934b6aea3421 01dc934b6aea3421 Block | File and Folder Access Attempts (Public) 1f24 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
234 01dc934b951170a5 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc934b70dff6e8 01dc934b70e1f397 Block | File and Folder Access Attempts (Public) efc C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
28e 01dc934eb8a9e2a8 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc934e94b509d8 01dc934e94b509d8 Prevent modification of system files | [AC14-2.1] Prevent modification of system files c4e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F8907BA5-5A9E-161B-F4DD-630418C0213C\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc934eb8a9e2a8 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc934e94b509d8 01dc934e94b509d8 Prevent modification of system files | [AC14-2.1] Prevent modification of system files c4e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\F8907BA5-5A9E-161B-F4DD-630418C0213C\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc934ec2a6337a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc934e9508e54a 01dc934e9bed7fe3 Block | File and Folder Access Attempts (program data) 3710 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc934ec94b1d10 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc934e920969bd 01dc934ea27e1ce3 Block | File and Folder Access Attempts (program data) b1d8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc934ec94b1d10 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc934e9508e54a 01dc934ea561d2be Block | File and Folder Access Attempts (program data) 3710 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc934ed3500eab 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc934e920969bd 01dc934ead4c3007 Block | File and Folder Access Attempts (program data) b1d8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc934ee09beca7 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc934eb90e85a0 01dc934ebbad132b Block | File and Folder Access Attempts (program data) 21f4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc934ee09beca7 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc934eb90e85a0 01dc934ebbad132b Block | File and Folder Access Attempts (program data) 21f4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
35d 01dc934f73b066dd 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc934f4f43bc5c 01dc934f4f43bc5c Browser Restrictions | [AC13-1.2] Allow to launch system process 663c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc934f7709c3af 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""31236" "\\.\pipe\gecko-crash-server-pipe.31236" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "940" "944"" Create Process 0000000000000000 01dc934f5000f33c 01dc934f5000f33c Browser Restrictions | [AC13-1.2] Allow to launch system process 7a04 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
222 01dc9351f1c681d6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9351cace12f0 01dc9351cace12f0 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc935396a2e111 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93536d70ba91 01dc935372338e45 Block Write | File and Folder Access Attempts 50a8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9353cbf6efe8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93539f3ec218 01dc9353a5dbc0e7 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc935440d8b398 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93541a39f23b 01dc93541b8feb9a Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9354b24535e9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93548d429aa5 01dc93548e1eca64 Block Write | File and Folder Access Attempts 50a8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
234 01dc9354c2f2c3ee 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93549c94e4e0 01dc93549c94e4e0 Block | File and Folder Access Attempts (Public) 6158 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
285 01dc9358773b745b 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93585150bf32 01dc93585150bf32 Block | File and Folder Access Attempts (program data) c6bc C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
285 01dc93589f2e120a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc935878e45c43 01dc935878e45c43 Block | File and Folder Access Attempts (program data) 4378 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9359cb3eb76c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9359a3d7ffd9 01dc9359a4b232eb Block Write | File and Folder Access Attempts 8afc C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc935b549e920a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc935b2f46b293 01dc935b3014c7c9 Block Write | File and Folder Access Attempts 8afc C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc935c19d10e12 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc935bf152906b 01dc935bf5d37370 Block Write | File and Folder Access Attempts 8afc C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
234 01dc935ca25c2883 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc935c7db7e850 01dc935c7db7e850 Block | File and Folder Access Attempts (Public) 9398 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
222 01dc935e5af391bc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc935e35f11d8e 01dc935e35f11d8e Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc935f8d3c7018 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc935f693cb730 01dc935f693d062e Block | File and Folder Access Attempts (program data) 60ac C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
2cc 01dc935f9093d7d1 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc935f69c0e9cf 01dc935f69c34c08 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b9a0 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\F9BC5310-7072-4996-AFD7-823364971990MpCommU\mpam-8f5386cc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
2cd 01dc935f9093d7d1 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc935f69c34c08 01dc935f69c34c08 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b9a0 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\F9BC5310-7072-4996-AFD7-823364971990MpCommU\mpam-8f5386cc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cd 01dc935f9093d7d1 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc935f69c8222f 01dc935f69ca85e4 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b9a0 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\9C738C6E-ACEB-4C3D-88A9-72CA0A37142FMpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ce 01dc935f9093d7d1 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc935f69ca85e4 01dc935f69ca85e4 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b9a0 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\9C738C6E-ACEB-4C3D-88A9-72CA0A37142FMpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc935fe724e17a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc935fc1cc7fc6 01dc935fc1cc7fc6 Block | File and Folder Access Attempts (program data) 6dd0 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc9360ff0fb7f7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9360da15fd9c 01dc9360daf102f4 Block Write | File and Folder Access Attempts bb90 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9361a61a423c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93617fd859bb 01dc93618098b302 Block Write | File and Folder Access Attempts bb90 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9363723b3093 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93634b0d7f17 01dc93634ca4cf54 Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93649ea1d8e4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93647ac4f31c 01dc93647ac4f31c Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9364d08f6bcb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9364aa35233b 01dc9364aa35233b Block Write | File and Folder Access Attempts 8270 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9368d3d029e2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936890402d63 01dc9368ae8bc359 Block Write | File and Folder Access Attempts bb90 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9369e51b5316 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9369c08043a4 01dc9369c155fbf6 Block Write | File and Folder Access Attempts bb90 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
222 01dc936a351fa7c8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936a0393c2d2 01dc936a113cd2b0 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc936b852ce426 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936b5edf2d3e 01dc936b5fa8725e Block Write | File and Folder Access Attempts bb90 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc936c0da49dff 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936bdd99403a 01dc936be9caed06 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc936ccbbf9e24 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936ca6a44f38 01dc936ca6a44f38 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc936d5446e0f0 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc936d2f1ea179 01dc936d2f1ea179 Block | File and Folder Access Attempts (program data) 70dc C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc936dea794d6d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936dc46f7beb 01dc936dc51e571a Block Write | File and Folder Access Attempts 3d50 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc936f161cd4da 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936eef867392 01dc936eef867392 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc936f8504d15e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936f5e1bdf7b 01dc936f5eeecc73 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9370250d4b47 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc936ffed57b99 01dc936ffed57b99 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9370df7e5148 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9370b78dc8ac 01dc9370bb137559 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc93710ae312d0 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9370e6af254e 01dc9370e6af254e Block | File and Folder Access Attempts (program data) 62fc C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
234 01dc93711b88c961 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9370f66f475b 01dc9370f671a9bd Block | File and Folder Access Attempts (Public) 4b4c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
2cf 01dc9371e69d4fec 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc9371bf9cd406 01dc9371bf9cd406 All Applications | [AC7-2.1] File and Folder Access Attempts 2f98 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60EC3B76-B037-4185-9DB8-65C36317E90B}\EDGEMITMP_980AF.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d1 01dc9371e69d4fec 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc9371bf9cd406 01dc9371bf9cd406 All Applications | [AC7-2.1] File and Folder Access Attempts 2f98 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60EC3B76-B037-4185-9DB8-65C36317E90B}\EDGEMITMP_980AF.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d0 01dc9371e69d4fec 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc9371bf9cd406 01dc9371bf9cd406 All Applications | [AC7-2.1] File and Folder Access Attempts 2f98 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60EC3B76-B037-4185-9DB8-65C36317E90B}\EDGEMITMP_980AF.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e7 01dc9371f0a0473b 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc9371ca0385f3 01dc9371ca0385f3 All Applications | [AC7-2.1] File and Folder Access Attempts 2f98 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60EC3B76-B037-4185-9DB8-65C36317E90B}\EDGEMITMP_980AF.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source12184_1045634607\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e9 01dc9371f0a0473b 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc9371ca0385f3 01dc9371ca0385f3 All Applications | [AC7-2.1] File and Folder Access Attempts 2f98 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60EC3B76-B037-4185-9DB8-65C36317E90B}\EDGEMITMP_980AF.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source12184_1045634607\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e8 01dc9371f0a0473b 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc9371ca0385f3 01dc9371ca0385f3 All Applications | [AC7-2.1] File and Folder Access Attempts 2f98 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{60EC3B76-B037-4185-9DB8-65C36317E90B}\EDGEMITMP_980AF.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source12184_1045634607\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93737d05ada1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937353a79373 01dc93735747bd1a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9373bc534384 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937395dde326 01dc937396c8d354 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc9374738a8ad7 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc93744cc7f4df 01dc93744cc7f4df Prevent modification of system files | [AC14-2.1] Prevent modification of system files 893c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\5C2907E0-3DD1-8227-36CA-1AABCD97939E\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc9374738a8ad7 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93744cc7f4df 01dc93744cc7f4df Prevent modification of system files | [AC14-2.1] Prevent modification of system files 893c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\5C2907E0-3DD1-8227-36CA-1AABCD97939E\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc9374738a8ad7 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93744cc7f4df 01dc93744cc7f4df Prevent modification of system files | [AC14-2.1] Prevent modification of system files 893c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\5C2907E0-3DD1-8227-36CA-1AABCD97939E\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9374d0e54f8f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9374aa379d68 01dc9374aaf778b3 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937598d501d9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9375738c9720 01dc9375742aa7ab Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9375f6256a25 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9375ce753f60 01dc9375d08e18d2 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9376be128112 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9376993e4519 01dc93769a02a141 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937714a4189c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9376ef0b4f9c 01dc9376efa4a12e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc937753ea87cc 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93772d2aa714 01dc93772d2aa714 Block | File and Folder Access Attempts (program data) 9cf4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc937829264add 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937802dfd76a 01dc937803abfa57 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc9378a4493710 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93787d94412c 01dc93787d94412c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 893c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\5C2907E0-3DD1-8227-36CA-1AABCD97939E\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc9378a4493710 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93787d94412c 01dc93787d94412c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 893c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\5C2907E0-3DD1-8227-36CA-1AABCD97939E\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937936c6e1e5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937912051296 01dc937912c54a5f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc937936c6e1e5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937912e16f06 01dc937912e16f06 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
286 01dc93797cc0b06f 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc937958164a59 01dc937958164a59 Block | File and Folder Access Attempts (program data) e024 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93799e0be435 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9379797c78b0 01dc93797a13716b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937a194718c0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9379f4502945 01dc9379f4e74c6a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937a414e0708 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937a1bdeb376 01dc937a1cc6fdaf Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937b272036a7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937ae6482ac7 01dc937b0207a21f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937b52738efe 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937b2daa22f0 01dc937b2e677477 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937bd10bb47f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937bab089f98 01dc937babe4fbc2 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc937c7ae3612a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937c54669585 01dc937c56b2320f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc937ca62c6e1d 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc937c822e754f 01dc937c822e754f Browser Restrictions | [AC13-1.2] Allow to launch system process 7de0 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc937ca9844739 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""38828" "\\.\pipe\gecko-crash-server-pipe.38828" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "396" "404"" Create Process 0000000000000000 01dc937c82fa5686 01dc937c82fa5686 Browser Restrictions | [AC13-1.2] Allow to launch system process 97ac C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
222 01dc937cd8284674 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc937cb359ecd2 01dc937cb359ecd2 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc937cd8284674 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc937cb365cda1 01dc937cb365cda1 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc937cec1d1b81 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937cc486c002 01dc937cc5a11d27 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
226 01dc937cef7450df 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc937cca7323f0 01dc937cca7323f0 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc937d21621b42 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc937cfccbf9b0 01dc937cfccbf9b0 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc937d280693e2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937d00559180 01dc937d01212348 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937d534d19e2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937d2b97a84e 01dc937d2c659986 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937de5ccd124 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937dbe0331a2 01dc937dbeb8edf9 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937e74e58763 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937e4fb6c64a 01dc937e50837855 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937e9cded894 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937e76f48e21 01dc937e77a83b41 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937f2c1189e0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937eff833f25 01dc937f07c3408c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc937fd26cd6dc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937fab74bc06 01dc937fac367ddc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938040564110 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc937ffe410432 01dc938019c3c24b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9380c8d7dd42 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9380a31c297b 01dc9380a3cd6740 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938104e30ebc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9380df30d4ec 01dc9380dfedb78d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9381158ee01b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9380ef415939 01dc9380ef415939 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93812cda2b53 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93810732b21d 01dc9381080a0d4e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93819ab8e5ac 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938172dc4549 01dc938173b4ed6a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93826c7477bc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93824425be76 01dc9382457dcd95 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9382d04933a5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9382a970c1af 01dc9382aa008152 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93830c1b2e9a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9382e6271baf 01dc9382e6fa0242 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9383480cb456 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9383225baba0 01dc9383225baba0 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938358b5372e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938317e23265 01dc938332850173 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9384e87310c8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9384b9ee6639 01dc9384c1b2bd8e Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9384fc6b3b39 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9384d4e603c5 01dc9384d790e09f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc938538548800 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc938512044b65 01dc938512044b65 Block | File and Folder Access Attempts (program data) 7158 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc9385c7897a2e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93858d6248dd 01dc9385a39d9556 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9385ef8dded0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9385ca633c36 01dc9385cb095991 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9386535c10a2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93862ac9f00a 01dc93862db72bf4 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9386bdf337e9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938697013492 01dc938697ae2dfc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc9386fd3164a3 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9386d7af3385 01dc9386d7af3385 Block | File and Folder Access Attempts (program data) 79c4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93870dcf953f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9386e8dff621 01dc9386e9b08782 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9387647152c3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9387288032c5 01dc938740131c81 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9387dc7e55dd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9387a23928f9 01dc9387b7b11a94 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9388bec59e8f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93888363ce8b 01dc93889916785b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93899dd98ec7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938979193aa0 01dc938979e9e85a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9389cfc14d6d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9389ab6b82bf 01dc9389ab6b82bf Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc938a1f9677b1 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc9389fb8ea295 01dc9389fb8ea295 Browser Restrictions | [AC13-1.2] Allow to launch system process 9f04 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc938a22ed8f34 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""8800" "\\.\pipe\gecko-crash-server-pipe.8800" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1000" "1012"" Create Process 0000000000000000 01dc9389fc2a41ce 01dc9389fc2a41ce Browser Restrictions | [AC13-1.2] Allow to launch system process 2260 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
222 01dc938abf5ce7e7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938a163a9cd2 01dc938a9b0a9331 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938ac60632bb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938aa06c16b0 01dc938aa12ba849 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938b730adf81 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938b4b7070b8 01dc938b4c39aabf Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938bbf999c8f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938b79ce1b69 01dc938b9974e6b1 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938c6ca4af12 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938c44e74f6d 01dc938c45bc8479 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc938cfbf4ef9d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938cd5aab763 01dc938cd5aab763 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938cff4bf6c9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938cd96195dc 01dc938cda0b96bc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938eb6d8a8e7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938e8fb7371c 01dc938e923bbc33 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938f59f7c8dc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938f3212392d 01dc938f330f7b38 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc938fa9dba129 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938f84ee1269 01dc938f84ee1269 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc938fe93f9cfb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc938fc344cd86 01dc938fc401ebd4 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9390505cbc69 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939029c82fb6 01dc93902a9ac1a7 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93907ba4ecf5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939054a7913b 01dc939054a7913b Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939132d1b187 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93910b4a5c73 01dc93910c09ef51 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9391541bd527 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93910f1225b4 01dc93912f51ea2f Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939268591fe9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93922db5f067 01dc939242e1e5cb Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9392e376f2de 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9392be6a5f42 01dc9392bfa1e700 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93930ec65b5e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9392e824bed5 01dc9392e8d60d13 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93933d504677 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939316defaaa 01dc93931794289d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9393f1a591df 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9393ca1f399a 01dc9393cacf688a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9393fba5709f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9393d7cb7853 01dc9393d7cb7853 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939430ff7568 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939409778f1d 01dc93940a15971e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939458f02442 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9394331f330d 01dc939433da0cf6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9394c02e0184 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9394852ff3b8 01dc93949a10ed12 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc93955ce1f3f7 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc9395380bf62b 01dc9395380e5ac7 Block | File and Folder Access Attempts (program data) b2c0 C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260201.002\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
223 01dc9395e56e753d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9395bdc8f8a4 01dc9395bec81319 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93970a74b337 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9396e314a77b 01dc9396e3cd2a4c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93973906e108 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939710aa84a0 01dc939713e7ad44 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9397c814ef4d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9397a1714358 01dc9397a2f638d1 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
206 01dc93980e1424b2 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc9397e72a6616 01dc9397e72a6616 Block | File and Folder Access Attempts (Public) 51a8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc93981b69903b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9397f606374e 01dc9397f6b8ff8a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93990134c2cb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9398db3db8e7 01dc9398dbe0aa53 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc93999dd14909 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9399791020ce 01dc9399791020ce Block | File and Folder Access Attempts (program data) 9a68 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9399ab2402ef 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9399840f77ed 01dc939984d7befa Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc939a3dc90ade 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939a1760c359 01dc939a18203f53 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc939a6908d69e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939a418ce204 01dc939a4247a6e6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939acd05a166 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939aa7ea30cf 01dc939aa8bd0be8 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
206 01dc939b23c1ddc0 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc939afd8d4889 01dc939afd8d4889 Block | File and Folder Access Attempts (Public) 51a8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
222 01dc939bfa0b10ff 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939bd55d144a 01dc939bd55d144a Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939c9674d8c7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939c5b6e9009 01dc939c715e8ce2 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939cf397543e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939cb5239363 01dc939cccdee15d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc939d437fb2fe 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc939d1ec04fdf 01dc939d1ec04fdf Block | File and Folder Access Attempts (program data) 7570 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc939d6b750b19 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc939d4576d6c7 01dc939d4576d6c7 Block | File and Folder Access Attempts (program data) 7570 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
222 01dc939da404da31 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939d7bfd9cf2 01dc939d7da8b0d6 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc939e5b2eff5e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc939e35a05804 01dc939e35a2bbdb Prevent modification of system files | [AC14-2.1] Prevent modification of system files 3e88 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A64F2D73-A4B1-B59F-C750-E2D56F99DBDE\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc939e5b2eff5e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc939e35a2bbdb 01dc939e35a2bbdb Prevent modification of system files | [AC14-2.1] Prevent modification of system files 3e88 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A64F2D73-A4B1-B59F-C750-E2D56F99DBDE\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc939e5b2eff5e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc939e35a2bbdb 01dc939e35a2bbdb Prevent modification of system files | [AC14-2.1] Prevent modification of system files 3e88 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A64F2D73-A4B1-B59F-C750-E2D56F99DBDE\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939e9a8333be 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939e54af7448 01dc939e7473bb7f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939ed9cea706 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939eb431929c 01dc939eb4f74607 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc939f3dc8839f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939ef15ebf14 01dc939f17d41f92 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
206 01dc939f7d0bdd46 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc939f56c7ce4d 01dc939f56c7ce4d Block | File and Folder Access Attempts (Public) 51a8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc939fc9ae85c3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc939fa15e4535 01dc939fa4ca9ecc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a0c3461ec6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a04869e544 01dc93a09e34d79b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a0f1e246d8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a0ca740aca 01dc93a0cb3ae22e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a20329ace8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a1de783fad 01dc93a1df5be2c9 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a22b1d9ed6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a20503a2d8 01dc93a205d9248b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc93a28ba4b2c7 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93a2666e2166 01dc93a2666e2166 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 3e88 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A64F2D73-A4B1-B59F-C750-E2D56F99DBDE\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc93a28ba4b2c7 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93a2666e2166 01dc93a2666e2166 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 3e88 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A64F2D73-A4B1-B59F-C750-E2D56F99DBDE\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93a2b048c77b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a2899fec67 01dc93a2899fec67 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc93a3f9f5ee2c 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc93a3d2f5de65 01dc93a3d2f5de65 Block | File and Folder Access Attempts (program data) 3748 C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260201.002\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
206 01dc93a47859f264 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc93a4520b17ed 01dc93a4520b17ed Block | File and Folder Access Attempts (Public) 51a8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc93a4df863d55 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a4b7864205 01dc93a4b87f78f2 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a52f5b51ea 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a509b12dee 01dc93a50a6d0551 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
214 01dc93a61ee076b5 1f6 0 1 0 - Caller SHA256=5a30be379375544e4e6a14fd947373ff006e91fa751d441d7fd166143c2cc1b9 File Read 0000000000000000 01dc93a5f992b6c8 01dc93a5f992b6c8 Block | File and Folder Access Attempts (Public) a9b0 C:\Windows\System32\RuntimeBroker.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc93a6258eb35c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a6008ebda6 01dc93a601511a41 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a650dbeaf3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a62a1b9510 01dc93a62ae03884 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93a69a0c67b8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a651e84dc4 01dc93a675eb63e6 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a6a0bd43a7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a666ba2812 01dc93a67ac8f4ef Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a71f7e91c2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a6f3c421e2 01dc93a6f9e2f073 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a8ee418b09 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a8c3865622 01dc93a8c7c856a7 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93a97002bef6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a94a1ecc44 01dc93a94af19620 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93aa699c44d5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93a9fd0c066d 01dc93aa43015a34 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc93aa76f23d9e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93aa525d1bec 01dc93aa525f5373 Block | File and Folder Access Attempts (program data) 3c94 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc93aa9843ec93 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93aa71fc8061 01dc93aa7301a1e6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc93aaca2dbb62 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93aaa422e87c 01dc93aaa422e87c Block | File and Folder Access Attempts (program data) 6544 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
26b 01dc93ab16d63581 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93aaf08f0543 01dc93aaf0910231 Block | File and Folder Access Attempts (program data) b034 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
222 01dc93ab2e25884c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ab07e4906f 01dc93ab07e4906f Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ab9552f038 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ab6e032b58 01dc93ab6eb2136d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93abd1343feb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93abaa885af4 01dc93abab47fbc0 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93abfc846f6e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93abd59d4875 01dc93abd65cff13 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc93ac0d2d52a5 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93abe6706abe 01dc93abe672cd26 Block | File and Folder Access Attempts (program data) 7434 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
286 01dc93ac2b225c46 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93ac04fa8d5f 01dc93ac04fa8d5f Block | File and Folder Access Attempts (program data) 7ea0 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93ac6a4aa4be 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ac425ccd1a 01dc93ac4336c12a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93accad9807a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ac8a4a0426 01dc93aca5539002 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ad56d35b2c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ad2f52ed5e 01dc93ad3001b6a9 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93ad5a2a7e11 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ad365a575d 01dc93ad365a575d Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ade28cd499 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93adaa50451d 01dc93adbdd104f5 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ae2542514f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93adfe923d30 01dc93adff74e5f9 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
206 01dc93ae2542514f 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc93adfe923d30 01dc93adfe923d30 Block | File and Folder Access Attempts (Public) 52b8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc93ae5a980ec8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ae34413cb8 01dc93ae34ea3724 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
259 01dc93ae5ded5f7c 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93ae36e3b37c 01dc93ae36e987f5 Block | File and Folder Access Attempts (program data) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\ProgramData\regid.1991-06.com.microsoft Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc93aec8a7c86e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93aea0d88fee 01dc93aea1bd36ea Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
206 01dc93aecbff3b47 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc93aea7c6f83f 01dc93aea7c6f83f Block | File and Folder Access Attempts (Public) 51a8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc93af1f5e4170 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93aef7670750 01dc93aef8506d4f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93afa167635d 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93af7d0f4ca7 01dc93af7d0f4ca7 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc93afa167635d 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93af7d1422db 01dc93af7d1422db Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc93afb8b60584 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93af94e42c5e 01dc93af94e42c5e Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc93afeac383e9 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93afc504a969 01dc93afc504a969 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc93b148cb5bd2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b0ff8450da 01dc93b122a81ead Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b17aec17d6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b151878724 01dc93b156967a4c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93b1b091b341 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b18a9884f1 01dc93b18a9884f1 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b24d7b8d10 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b228f9fd8a 01dc93b229a53000 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b27f7d5567 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b259cdd2e2 01dc93b25a702f8a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b2b4bdc7b3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b28db6b50d 01dc93b28e6c0973 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b2ed476cad 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b2c733a77b 01dc93b2c7db35a1 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b325da5bee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b2fe52e701 01dc93b2fef92daa Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
206 01dc93b41c48c0c2 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc93b3f55174ad 01dc93b3f55174ad Block | File and Folder Access Attempts (Public) 52b8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
222 01dc93b483885cdd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b45e52c134 01dc93b45e52c134 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b4bf7f73c9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b4826df19e 01dc93b49a1aaf10 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
206 01dc93b5cd336400 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc93b5a7e8045b 01dc93b5a7e8045b Block | File and Folder Access Attempts (Public) 52b8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc93b5e12a86a1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b5b99b9b27 01dc93b5ba61bb43 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93b5f1dc632b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b5cdbe8ad9 01dc93b5cdbe8ad9 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b67dd56256 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b64786ca1e 01dc93b6596072af Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b6bd17ac29 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b69827f896 01dc93b698dcf5a7 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b73f1e64c5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b71757532c 01dc93b71820a6ea Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc93b7532d2a09 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc93b72e1f9f6e 01dc93b72e1f9f6e Browser Restrictions | [AC13-1.2] Allow to launch system process 70e4 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc93b7532d2a09 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""31728" "\\.\pipe\gecko-crash-server-pipe.31728" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "964" "968"" Create Process 0000000000000000 01dc93b72ed1bd97 01dc93b72ed1bd97 Browser Restrictions | [AC13-1.2] Allow to launch system process 7bf0 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc93b817ea42ee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b7f1507e27 01dc93b7f218850f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b8f42755f9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b8cdcce4aa 01dc93b8ce897175 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b9795ad457 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b953fa8563 01dc93b954b4fba3 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b9a4bc48f6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b97f991cb0 01dc93b9804d16ee Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93b9d37d8d28 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b9ae0b564b 01dc93b9aec7553f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93ba0571a549 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93b9e1a65a05 01dc93b9e1a65a05 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ba30d3869c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ba08d4cba6 01dc93ba0bd7b53b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93ba44e906ce 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ba1dcedc6a 01dc93ba1ee10cc7 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ba9bb5af9a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ba706361e1 01dc93ba75edb95c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93bad116e39c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93baac5e4ff9 01dc93baad061d97 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93bb3b9d211a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93baf46af83f 01dc93bb15730037 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93bc1e48f396 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93bbd1988deb 01dc93bbf7f8a4de Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
239 01dc93bc5a26f3d7 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Read 0000000000000000 01dc93bc344db50f 01dc93bc344db50f Block | File and Folder Access Attempts (Temp) 297c C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\EFD9346C-CECE-48AC-98DF-56CD841892FE\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23b 01dc93bc5a26f3d7 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Delete 0000000000000000 01dc93bc344db50f 01dc93bc344db50f Block | File and Folder Access Attempts (Temp) 297c C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\EFD9346C-CECE-48AC-98DF-56CD841892FE\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23a 01dc93bc5a26f3d7 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Write 0000000000000000 01dc93bc344db50f 01dc93bc344db50f Block | File and Folder Access Attempts (Temp) 297c C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\EFD9346C-CECE-48AC-98DF-56CD841892FE\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93bd824c3a32 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93bd5b1e6ff2 01dc93bd5dfd1df6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93be579d1110 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93be2fe2c152 01dc93be30aaf135 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93be9d87ffea 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93be76c5ac3b 01dc93be7763ff7b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93bed645c2ed 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93beb0d6087f 01dc93beb19d837e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93bf2d0c0416 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93bf07fd95aa 01dc93bf08ab9601 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c0c02ddc6e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c099440568 01dc93c09a0b2657 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c13ed443ad 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c119b2c2a1 01dc93c11a5e2e47 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c1bd8a5329 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c1960d121c 01dc93c196c4439b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93c1e23ba0d1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c19a8ee329 01dc93c1bbb151a7 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c2d907aaea 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c2b1dfab01 01dc93c2b51559a3 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
239 01dc93c2f3b8d5cd 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Read 0000000000000000 01dc93c2ccb88ad0 01dc93c2ccb88ad0 Block | File and Folder Access Attempts (Temp) 5a78 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\6A928565-00EA-4DFF-8856-96A4447AC590\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23b 01dc93c2f3b8d5cd 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Delete 0000000000000000 01dc93c2ccb88ad0 01dc93c2ccb88ad0 Block | File and Folder Access Attempts (Temp) 5a78 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\6A928565-00EA-4DFF-8856-96A4447AC590\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23a 01dc93c2f3b8d5cd 1f6 0 1 0 - Caller SHA256=1792731e030b7fe35a7eb21c9f907eae6e4ac381de918003f2709185c4ce0a5a File Write 0000000000000000 01dc93c2ccb88ad0 01dc93c2ccb88ad0 Block | File and Folder Access Attempts (Temp) 5a78 C:\Windows\System32\wbem\WmiPrvSE.exe 0 No Module Name C:\Windows\Temp\6A928565-00EA-4DFF-8856-96A4447AC590\DismHost.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c34db9ddc7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c30306b050 01dc93c3277309b0 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93c35b1b9099 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c3359ea833 01dc93c337274a12 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c3e3fcfc8d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c3be95e39d 01dc93c3bf699acd Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c44eb85224 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c429e04900 01dc93c42a96d52e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c4a207b6d2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c47ab57349 01dc93c47b7629bb Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93c4a55d417f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c480847d6f 01dc93c480847d6f Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc93c4cd569757 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc93c4a7ee034a 01dc93c4a7ee034a Browser Restrictions | [AC13-1.2] Allow to launch system process b594 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc93c4cd569757 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""23044" "\\.\pipe\gecko-crash-server-pipe.23044" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1008" "1004"" Create Process 0000000000000000 01dc93c4a83d9d93 01dc93c4a83d9d93 Browser Restrictions | [AC13-1.2] Allow to launch system process 5a04 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc93c4d3fcc0a7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c4acd9a613 01dc93c4ad70533a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c5136268a0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c4eee54b49 01dc93c4ef81d319 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93c53ebf44e8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c519549152 01dc93c519549152 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c5636bce94 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c53c2ea480 01dc93c53cd15803 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cf 01dc93c5c0d2ea6a 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc93c59b531abe 01dc93c59b531abe All Applications | [AC7-2.1] File and Folder Access Attempts 3ae4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31CA53F4-9E73-436F-B7DF-15A3E01B57F1}\EDGEMITMP_57681.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d1 01dc93c5c0d2ea6a 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc93c59b531abe 01dc93c59b531abe All Applications | [AC7-2.1] File and Folder Access Attempts 3ae4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31CA53F4-9E73-436F-B7DF-15A3E01B57F1}\EDGEMITMP_57681.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d0 01dc93c5c0d2ea6a 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc93c59b531abe 01dc93c59b531abe All Applications | [AC7-2.1] File and Folder Access Attempts 3ae4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31CA53F4-9E73-436F-B7DF-15A3E01B57F1}\EDGEMITMP_57681.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93c5c7807008 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c5a15d17be 01dc93c5a21bbf2d Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e6 01dc93c5cad82de5 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc93c5a4897caf 01dc93c5a4897caf All Applications | [AC7-2.1] File and Folder Access Attempts 3ae4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31CA53F4-9E73-436F-B7DF-15A3E01B57F1}\EDGEMITMP_57681.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source15076_584551042\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e8 01dc93c5cad82de5 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc93c5a4897caf 01dc93c5a4897caf All Applications | [AC7-2.1] File and Folder Access Attempts 3ae4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31CA53F4-9E73-436F-B7DF-15A3E01B57F1}\EDGEMITMP_57681.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source15076_584551042\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e7 01dc93c5cad82de5 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc93c5a4897caf 01dc93c5a4897caf All Applications | [AC7-2.1] File and Folder Access Attempts 3ae4 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{31CA53F4-9E73-436F-B7DF-15A3E01B57F1}\EDGEMITMP_57681.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source15076_584551042\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93c6358840e5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c60e85bfed 01dc93c6104d125a Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c6d9094f02 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c6b1f9c7f8 01dc93c6b2a571b6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c793d19fb0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c76e028f61 01dc93c76ec04b1e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c7c9275c7a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c7a18db517 01dc93c7a24b96e2 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c8054caea6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c7dda3510f 01dc93c7de55459d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc93c844994721 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc93c81e7ec11a 01dc93c81e7ec11a Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1094 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\58BE1922-B295-77B2-B049-CA6E56C784F8\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc93c844994721 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93c81e7ec11a 01dc93c81e7ec11a Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1094 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\58BE1922-B295-77B2-B049-CA6E56C784F8\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
290 01dc93c844994721 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93c81e7ec11a 01dc93c81e7ec11a Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1094 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\58BE1922-B295-77B2-B049-CA6E56C784F8\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93c9c7082d13 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93c9a0eb8006 01dc93c9a18ab8cb Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ca8857b15d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ca5c9bc4ee 01dc93ca62acf223 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93cb7f2109a4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93cb5ac99a3d 01dc93cb5ac99a3d Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93cbc863572b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93cb9e8d58e0 01dc93cba295b188 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93cc4087e51f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93cc19e34324 01dc93cc19e34324 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc93cc75de5ca2 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93cc4f4611a9 01dc93cc4f47fbbb Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1094 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\58BE1922-B295-77B2-B049-CA6E56C784F8\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc93cc75de5ca2 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93cc4f47fbbb 01dc93cc4f47fbbb Prevent modification of system files | [AC14-2.1] Prevent modification of system files 1094 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\58BE1922-B295-77B2-B049-CA6E56C784F8\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93cd445ac9ce 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93cd1d38f6a4 01dc93cd1f4bf045 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93cdee681cd8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93cdb188f0a0 01dc93cdc96f7d1f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ce2dc8b580 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ce07090afe 01dc93ce07d59bba Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc93cf212248d6 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93cefb67bf0c 01dc93cefb67bf0c Block | File and Folder Access Attempts (program data) 74a4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93cf4ff26801 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93cf0ba14cdb 01dc93cf28e9e0ff Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93cfba3c38c3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93cf92e36536 01dc93cf93b9bd35 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d0c531e75b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d0a04941f3 01dc93d0a15a7f85 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d13a16534e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d115a7caba 01dc93d1164059bc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d1658b5cbe 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d13ebb1f8b 01dc93d13f5cadf4 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d1f1629de0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d1cb54ae91 01dc93d1cbe58356 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93d230bdac77 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d20a08d92c 01dc93d20b73b603 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d2376dd53e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d2036fe026 01dc93d2126f99cc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d2ca14f4e6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d299ee1ed4 01dc93d2a4bc079b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d31a216740 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d2eae88e72 01dc93d2f57b63e5 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93d366da5ff1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d342ff2a84 01dc93d342ff2a84 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d3778b00b8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d34fc3096e 01dc93d35098158c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d46b062d4c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d429c1235d 01dc93d4451961aa Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
222 01dc93d52258b9fc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d4fc398fcd 01dc93d4fc398fcd Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d583021c3b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d55c18f377 01dc93d55cb7caf3 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d5c24239a6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d59d491408 01dc93d59e0509f5 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d61250153a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d5ec31d082 01dc93d5ecc2796d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d679a2e2c6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d6238b710f 01dc93d652beabdd Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
206 01dc93d755d1cf5f 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc93d73161a909 01dc93d73161a909 Block | File and Folder Access Attempts (Public) 52b8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
26a 01dc93d7bd1e576a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93d79721c12f 01dc93d79721c12f Block | File and Folder Access Attempts (program data) 694c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc93d866e45f6c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d83f39f56f 01dc93d840019844 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d91e0754f1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d8e55f3338 01dc93d8f8911b05 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93d981f50a33 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d95c9737ae 01dc93d95d683329 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc93d992a22182 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc93d96ca69492 01dc93d96ca69492 Block | File and Folder Access Attempts (Public) 69c0 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc93d9cb295c67 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93d9a5da03bd 01dc93d9a69e7c6b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93da3fbf6197 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93da193a58c6 01dc93da1a16a169 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93db78919259 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93db51eb2dfd 01dc93db5297aa68 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93dbe9ac9066 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93dbc20648ff 01dc93dbc2bebe76 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93dc32eb8672 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93dc0c69bdd0 01dc93dc0d2706f0 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc93dc9012b049 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93dc6ac10d27 01dc93dc6ac10d27 Block | File and Folder Access Attempts (program data) 8f80 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93dcf7502356 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93dcbb3c597f 01dc93dcd3894cd6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93dd07fc4a87 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93dce31978c1 01dc93dce31978c1 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93dd3692c3f7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93dd11df4495 01dc93dd12b1389a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ddfe3fd939 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ddd91aac4f 01dc93ddd9df31b2 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93deae8b9a29 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93de89e88a3a 01dc93de8a8b5507 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93df12686225 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93deed4928f1 01dc93deee0d9630 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93df943bf65b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93df666d52bf 01dc93df7014fd2d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e184c7aed0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e146fec735 01dc93e15ef9224f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e1e2276cf3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e18369b4a9 01dc93e1bb1c88df Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e224d11fcf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e1feedf7e5 01dc93e1ffc222db Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93e271759b0f 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93e24bc2c207 01dc93e24bc2c207 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc93e27175b081 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93e24bc62627 01dc93e24bc62627 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc93e288b9e28c 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93e2626be087 01dc93e2626be087 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc93e2b40557a7 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc93e29002b01c 01dc93e29002b01c Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc93e30aa862fc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e2e5f6fbf9 01dc93e2e6a84ce9 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93e31b41dce0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e2f6bc388e 01dc93e2f6bc388e Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e38fd872b3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e36a8090e5 01dc93e36b1f2e4c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e3b7cc9c46 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e39048d2cf 01dc93e3911be284 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e3f061d9c8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e3c0f23974 01dc93e3cb9f9011 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e43cfc8edf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e418590712 01dc93e4191d8acf Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e49a3d1605 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e45184eb25 01dc93e4759242dc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e6a4fcba24 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e65321d422 01dc93e67ef0960d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e6d709f364 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e6b1c0daed 01dc93e6b295efbf Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e730eca879 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e70961c5b1 01dc93e70a2fa8a8 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e762d9bf33 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e73c09b4ea 01dc93e73cd2f73d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc93e7de1a2ea8 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93e7b79bd585 01dc93e7b79bd585 Block | File and Folder Access Attempts (program data) 772c C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93e83ea66b62 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e8182ed1d0 01dc93e818ffad37 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e89f220a01 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e87a3b25e5 01dc93e87afdf7c9 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93e8a279746d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e87c8d9f27 01dc93e87d7abddf Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93e8fc6b5878 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e8d5613685 01dc93e8d5613685 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93e931a47bf0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e8f1479c13 01dc93e90c17f3fc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93e9a6119a7a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93e97fb0ae4e 01dc93e97fb0ae4e Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93eacb135e49 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ea93ea6e11 01dc93eaa4a30570 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93eb53de46fa 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93eb2f5dc49b 01dc93eb300f07c6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ebc1c0dd6d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93eb94182cdd 01dc93eb9d67788c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ed39e9c5db 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ed13b43e72 01dc93ed1480165c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93edb1b38dfd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ed695c7087 01dc93ed8d1eb18b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ee263227b0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93eddf346f20 01dc93edfff50028 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ee6f723473 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ee32606744 01dc93ee49b21510 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93eee085d765 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93eeb8129066 01dc93eeba4f8a1c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93ef29b8c127 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ef03ba495c 01dc93ef0487ec65 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93efcce8c425 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93efa6173792 01dc93efa701ffac Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc93f06ce6297f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93eff9af5a2c 01dc93f0464352bc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93f087935dd5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f062166a6d 01dc93f062166a6d Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f116b8da16 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f0ef652301 01dc93f0f027b40e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f141fa5314 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f11c51e708 01dc93f11d239e84 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc93f166b5abdd 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93f141a7963d 01dc93f141a7963d Block | File and Folder Access Attempts (program data) cf90 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93f16a108d28 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f142e47ee0 01dc93f143da7a98 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f1e549d8a3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f1bdf938c0 01dc93f1bed06f78 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc93f1fff9aeef 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc93f1da861208 01dc93f1da861208 Browser Restrictions | [AC13-1.2] Allow to launch system process d084 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc93f1fff9aeef 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""1960" "\\.\pipe\gecko-crash-server-pipe.1960" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1000" "1012"" Create Process 0000000000000000 01dc93f1db3892a0 01dc93f1db3892a0 Browser Restrictions | [AC13-1.2] Allow to launch system process 7a8 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
28d 01dc93f22b416de5 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc93f2074cce2a 01dc93f2074cce2a Prevent modification of system files | [AC14-2.1] Prevent modification of system files 84e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\20BC1113-803A-6405-E41B-01522B66C0E8\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc93f22b416de5 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93f2074cce2a 01dc93f2074cce2a Prevent modification of system files | [AC14-2.1] Prevent modification of system files 84e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\20BC1113-803A-6405-E41B-01522B66C0E8\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc93f22b416de5 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93f2074cce2a 01dc93f2074cce2a Prevent modification of system files | [AC14-2.1] Prevent modification of system files 84e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\20BC1113-803A-6405-E41B-01522B66C0E8\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f2ec64f02d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f2a41672ec 01dc93f2c6d4eaf6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f34d173e74 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f32741f92d 01dc93f32857b762 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f385cf3d78 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f35ebd05d3 01dc93f35ff45d3c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f3b7cfc9d5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f38db92dd2 01dc93f39352c2ea Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f40b359f30 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f3e65d05f9 01dc93f3e6fac2d1 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f4762aaf09 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f42b4ab5b5 01dc93f44f2e5814 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93f4dd91e3ba 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f4b8c9d1a2 01dc93f4b8c9d1a2 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f5f5e8d26b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f5ce9db081 01dc93f5cf85efb7 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc93f65d402c25 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93f6381c266c 01dc93f6381c266c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 84e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\20BC1113-803A-6405-E41B-01522B66C0E8\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc93f65d402c25 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc93f6381c266c 01dc93f6381c266c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 84e4 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\20BC1113-803A-6405-E41B-01522B66C0E8\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f7a3c939bc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f7533ef61c 01dc93f77df88ff6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f804789e67 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f7b58d5a46 01dc93f7dffa8179 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93f80b1a4258 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f7e6aebc45 01dc93f7e6aebc45 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f85e57f525 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f81a76d6cf 01dc93f8384fe59e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f954e99250 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f92eeee74b 01dc93f92fc4e3af Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f998328b94 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f9554b878d 01dc93f9729c8aca Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93f9dae1958b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f9b43c3f2f 01dc93f9b43c3f2f Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93f9f8e7cd32 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93f9cb0a0bd0 01dc93f9d30f9aa7 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fa2ac83c2e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fa03333fde 01dc93fa03e7ea04 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fa6a2174b0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fa32dff2ff 01dc93fa43f2cddc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93facac45c8c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93faa538957e 01dc93faa609139d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fb3223892c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fb0a97309f 01dc93fb0b7215ed Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fb5a1af540 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fb34b0074f 01dc93fb358a5f75 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93fbe2d3d9ee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fb9ff089ff 01dc93fbbd024ce7 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fc00ebf7c8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fbd9311c93 01dc93fbda6cca15 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93fc2c2b0030 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fc0511cfc2 01dc93fc0511cfc2 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc93fce005195a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fcb548793c 01dc93fcbb8e79e5 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fd25fb3cad 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fcfeb26496 01dc93fcff6adb9f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fd8d2263ea 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fd66ca2c69 01dc93fd67ae782a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fe36e4ae88 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fdd4451138 01dc93fe12e3f33b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fe839429f7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93fe5c12aa4f 01dc93fe5ce3d4f8 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc93fef4d082e8 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc93fed0bd9438 01dc93fed0bd9438 Block | File and Folder Access Attempts (program data) 7470 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc93ff3ab5e2cb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ff149a179e 01dc93ff157f2ac4 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc93ff79e8590a 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc93ff544f422c 01dc93ff544f422c Browser Restrictions | [AC13-1.2] Allow to launch system process de54 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc93ff79e8590a 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""59936" "\\.\pipe\gecko-crash-server-pipe.59936" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1004" "1008"" Create Process 0000000000000000 01dc93ff54d1159c 01dc93ff54d1159c Browser Restrictions | [AC13-1.2] Allow to launch system process ea20 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc93ff9136fe14 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ff5c79ea2b 01dc93ff6c71f42a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc93fffefd6a28 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ffd3a7514b 01dc93ffd9e32afe Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc94000254d9cf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc93ffc339076c 01dc93ffdd9b22cf Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9400484453ac 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940020d4f2f2 01dc940021b75cb1 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc94008acb471d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9400653e40dc 01dc9400653e40dc Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9400af709fe5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940088e3f8e8 01dc9400898216d5 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9401c3b17272 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940192e80286 01dc94019ee3b237 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
234 01dc940234e2706a 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9402107cf261 01dc9402107cf261 Block | File and Folder Access Attempts (Public) 3108 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc94028eb27808 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94025704bcaf 01dc940267d640b2 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9402c73dbf63 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9402a2213290 01dc9402a30a920e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a8 01dc940309c50e7f 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9402e36416f4 01dc9402e36b3f42 Block | File and Folder Access Attempts (program data) 2cbc C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Cached Installs\Setup.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 177ec8 00000002 00000000000000000000000000000000 00000000
2aa 01dc940309c50e7f 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9402e3667bf9 01dc9402e36b3f42 Block | File and Folder Access Attempts (program data) 2cbc C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Cached Installs\smcinst.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1146c8 00000002 00000000000000000000000000000000 00000000
206 01dc94037acf675c 1f6 0 1 0 - Caller SHA256=00ec9d17ef03e73c1b1572575191792c0abb4ad3c63785d8189a100628b3a923 File Read 0000000000000000 01dc940354a2da96 01dc940354a53c7e Block | File and Folder Access Attempts (Public) 52b8 C:\Windows\explorer.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc9403a2d9eaaa 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94037d7eaa17 01dc94037e92474c Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940511265f54 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9404ea93f82e 01dc9404eb3e1190 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9406dfec1596 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9406b87db375 01dc9406b9447bed Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94074a9fc743 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94072610892c 01dc940726d2a90b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc9407e3ba2ba6 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9407bd186f70 01dc9407bd186f70 Block | File and Folder Access Attempts (program data) 7128 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc94083a5fcbf6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9407f8c9a375 01dc9408140265ca Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc940876673281 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9408260e4195 01dc940852961c00 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9408b90c9ddd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940891639b21 01dc940893ebf38d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9408fbac71ca 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9408c43e4d06 01dc9408d7690297 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9409738ee642 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94090228f2cd 01dc94094cafee88 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9409738ee642 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94094f5f75f9 01dc94094f5f75f9 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9409ff6ef5eb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9409d2eced2e 01dc9409d911d3de Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc940a69d8d3f8 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc940a4346a8ef 01dc940a4346a8ef Block | File and Folder Access Attempts (program data) 5e44 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc940a6d3000dd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940a2b144f52 01dc940a48d98697 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940affbb5675 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940ad816b37f 01dc940ad8e9fd29 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940b45b0d2a2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940afdd6e1d4 01dc940b210f1f20 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940bbd834ff6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940b973c2eab 01dc940b98296271 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940c1df20daf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940bf757ac1a 01dc940bf81ebdd6 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940c7494ba2d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940c4191aab1 01dc940c4f753d52 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc940c7b418870 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940c56efec5c 01dc940c56efec5c Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940cf31ce08d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940cc8d5c872 01dc940ccee70e9a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc940d2bb90bcd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940d0610d0b9 01dc940d0610d0b9 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc940e46ff2de8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940e20e46ce3 01dc940e20e46ce3 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940e9da40577 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940e77d0ac34 01dc940e78890b19 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940f8d9da3c6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940f6703f032 01dc940f67dbb94d Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc940fc2e5a6ee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940f9c7bbf8c 01dc940f9d38ee8b Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc94100262a191 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc940fdc2673a4 01dc940fdc2673a4 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc941034577dec 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94100caea0cf 01dc94100dc5556f Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94109b8be5a1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94107472400b 01dc941075091fa0 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9410de256f66 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941099242ec5 01dc9410b71bb249 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc94117dfb7b38 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9411581c2488 01dc9411581c2488 Block | File and Folder Access Attempts (Public) d5a8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc94124940b1e4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9412108645ef 01dc941225758f6e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9412ad535ffd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94125e622bf2 01dc941286ca087a Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9412e5f732e9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9412c078dd4f 01dc9412c15333cc Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc941364884666 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94133ecfa686 01dc94133ecfa686 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc941367dffc4d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9413400e3615 01dc941340fb8930 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc941446f71306 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9413d38bfe94 01dc94142086e049 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc941478e81d74 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc941455181437 01dc941455181437 Block | File and Folder Access Attempts (program data) 655c C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9414bb8cdd94 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94149468f921 01dc94149523dee1 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9414fe2e3741 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9414da3971fb 01dc9414da3971fb Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc94151c3afdbd 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9414f7b9bd80 01dc9414f7b9bd80 Block | File and Folder Access Attempts (program data) 57e4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
222 01dc94153d85bef1 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc941516ec6122 01dc941516ec6122 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc94153d85bef1 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc941516ef4c00 01dc941516ef4c00 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc941554ccecf5 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc94152df6f91f 01dc94152df6f91f Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc94158a267c05 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9415652f7e62 01dc9415652f7e62 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc9415942773b4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94156df6bdea 01dc94156ec07d24 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94162a13c17d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941602758264 01dc9416038b2c8e Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc94168ac0f20c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941665faae8a 01dc941665faae8a Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc941694b40ac4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94166f6aaf7e 01dc941670318eba Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9416fbf287d8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9416d4ec4ff5 01dc9416d5e8c9da Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc941806650137 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9417e2446890 01dc9417e2446890 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9418e24a6db1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9418bc36225d 01dc9418bc36225d Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94193f85e9cd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94191a5b9254 01dc94191b2e70b8 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cf 01dc9419965ff4d3 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc941970960d48 01dc941970960d48 All Applications | [AC7-2.1] File and Folder Access Attempts 3548 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA878F1-52C4-48D7-9CC5-DA5A3D2C48E5}\EDGEMITMP_D7CEE.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
2d1 01dc9419965ff4d3 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc941970960d48 01dc941970960d48 All Applications | [AC7-2.1] File and Folder Access Attempts 3548 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA878F1-52C4-48D7-9CC5-DA5A3D2C48E5}\EDGEMITMP_D7CEE.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d0 01dc9419965ff4d3 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc941970960d48 01dc941970960d48 All Applications | [AC7-2.1] File and Folder Access Attempts 3548 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA878F1-52C4-48D7-9CC5-DA5A3D2C48E5}\EDGEMITMP_D7CEE.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e6 01dc9419a0575132 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Read 0000000000000000 01dc94197a30da26 01dc94197a30da26 All Applications | [AC7-2.1] File and Folder Access Attempts 3548 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA878F1-52C4-48D7-9CC5-DA5A3D2C48E5}\EDGEMITMP_D7CEE.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source13640_883645957\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e8 01dc9419a0575132 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Delete 0000000000000000 01dc94197a30da26 01dc94197a30da26 All Applications | [AC7-2.1] File and Folder Access Attempts 3548 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA878F1-52C4-48D7-9CC5-DA5A3D2C48E5}\EDGEMITMP_D7CEE.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source13640_883645957\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e7 01dc9419a0575132 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=b7b7fc9fa8a002d4a0a9355470723a32fdf6d4d0e982ecdf32b17bd1bfaf4112 File Write 0000000000000000 01dc94197a30da26 01dc94197a30da26 All Applications | [AC7-2.1] File and Folder Access Attempts 3548 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{AFA878F1-52C4-48D7-9CC5-DA5A3D2C48E5}\EDGEMITMP_D7CEE.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source13640_883645957\144.0.3719.104\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9419a0575132 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94197b3fa679 01dc94197b3fa679 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc941a64cb8204 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941a39aebcf6 01dc941a403d29b9 Block Write | File and Folder Access Attempts bb70 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc941a6ec6728e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941a46e31ca6 01dc941a49c9ded0 Block Write | File and Folder Access Attempts e368 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
147 01dc941b7219b381 1f5 f 3 0 Application and Device Control is ready System 0000000000000000 01dc941b2a5a18c3 01dc941b2a5a18c3 Built-in rule 0 SysPlant 0 SysPlant None None None None 0 3 164a8367 0 00000002 00000000000000000000000000000000 00000000
299 01dc941b721c15a3 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=bce8ab54e34fdc6a804a56de1e8a1f1b99da4c799a5f08feb5ee40103100d569 File Read 0000000000000000 01dc941b36699452 01dc941b36699452 Block | File and Folder Access Attempts (program data) 46c C:\Windows\System32\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\BashDefs\20260129.011\BHDrvx64.sys Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1a1228 00000002 00000000000000000000000000000000 00000000
292 01dc941b721e7842 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc941b3782edca 01dc941b3782edca Block | File and Folder Access Attempts (program data) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
292 01dc941b7220e3fc 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc941b3782edca 01dc941b3782edca Block | File and Folder Access Attempts (program data) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72233d60 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874946a 01dc941b3874946a Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2aa 01dc941b722803f1 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b3874946a 01dc941b3874946a Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2aa 01dc941b722a6424 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b3874c013 01dc941b3874c013 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72364fdb 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874c013 01dc941b3874c013 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2aa 01dc941b723b15c6 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b3874c013 01dc941b3874c013 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b723fddae 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874c013 01dc941b3874c013 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b7252ebd8 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874d60c 01dc941b3874d60c Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2aa 01dc941b7257b076 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b3874d60c 01dc941b3874d60c Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b725c7912 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874d60c 01dc941b3874d60c Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2aa 01dc941b7265fe99 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b3874d60c 01dc941b3874d60c Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b726ac35d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874ecf6 01dc941b3874ecf6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2aa 01dc941b726f8823 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b3874ecf6 01dc941b3874ecf6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b7276af3a 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874ecf6 01dc941b3874ecf6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b727911bd 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874ecf6 01dc941b3874ecf6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b727dd611 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3874ecf6 01dc941b3874ecf6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72829ae5 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b387502ad 01dc941b387502ad Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72982ce3 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b387502ad 01dc941b387502ad Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b729f377b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b387502ad 01dc941b387502ad Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72a3fbad 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b387502ad 01dc941b387502ad Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
2a9 01dc941b72ad8518 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b387516d3 01dc941b387516d3 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72afe7a3 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38751844 01dc941b38751844 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72b24a2d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38751844 01dc941b38751844 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72b70ea5 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38752e05 01dc941b38752e05 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72be35ae 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38752e05 01dc941b38752e05 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72c2fbd3 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38752e05 01dc941b38752e05 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72c55ca1 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38752e05 01dc941b38752e05 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72dad1d4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38754388 01dc941b38754388 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72dd341c 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38754388 01dc941b38754388 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a9 01dc941b72e1f8ee 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3875577a 01dc941b3875577a Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{41244DDB-A8A0-4771-926C-4740BE6ABD0D}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ae 01dc941b72e45b2e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38783b36 01dc941b38783b36 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{CBB65CA3-938E-49E1-AD09-21D2FAF14672}\I386\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ae 01dc941b72e6c022 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38783f18 01dc941b38783f18 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\W32X86\{CBB65CA3-938E-49E1-AD09-21D2FAF14672}\I386\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc941b72eb8239 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=bce8ab54e34fdc6a804a56de1e8a1f1b99da4c799a5f08feb5ee40103100d569 File Read 0000000000000000 01dc941b3879a061 01dc941b3879a061 Block | File and Folder Access Attempts (program data) 46c C:\Windows\System32\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\IPSDefs\20260129.094\IDSvia64.sys Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 17e410 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b72ede4a2 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a3 01dc941b72f04704 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a3 01dc941b72f50b97 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b72f9d1e2 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b730ce4b9 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a3 01dc941b7311a7d6 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b731d9397 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a3 01dc941b7322588f 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b73271d37 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a3 01dc941b73297f6c 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b732e4441 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a3 01dc941b73330a2b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b73356b43 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b7337d1de 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b734ae076 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b734fa512 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b7352075b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b7354989f 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b73593007 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b735df742 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b736056af 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b7369def6 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b736ea3b2 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b7371061a 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b738418e7 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b738b3fda 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b7390048b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b73926875 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a2 01dc941b73972b80 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b38df4733 01dc941b38df4733 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{98F4FB40-4709-4CC1-BB3A-6B02C0AEE22E}\tsprint.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b73998deb 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392b75d6 01dc941b392b75d6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a7 01dc941b73aa43bc 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b392b75d6 01dc941b392b75d6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a7 01dc941b73af0314 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b73b16582 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a7 01dc941b73b62a1b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a7 01dc941b73d2fedd 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b73d78b25 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a7 01dc941b73dc4fbf 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b73deb4b9 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a7 01dc941b73e5d928 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b73f1c946 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a7 01dc941b73f4283d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Delete 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b73f8ec37 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b73fdb0b8 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b74001313 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b74158824 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b741a4ce0 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b741caf2f 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b742173fc 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b7423d64b 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b74263aa3 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b742b0089 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b742fc207 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b7432247e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b7436e923 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b7449fbfb 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b744c5e5e 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b745129a4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a6 01dc941b74538550 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b392dd83e 01dc941b392dd83e Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{490A31C7-6139-41E0-B1CF-BED1886CFE85}\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ac 01dc941b74584a21 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3939c5a1 01dc941b3939c5a1 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{57373290-E450-4EB3-B61A-B0A8FED98439}\Amd64\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ac 01dc941b745d0eee 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=f6c4f2d9b408783fee17f260b6b9002806f5305543c8f3161fa0e3ca87588fc5 File Write 0000000000000000 01dc941b3939c5a1 01dc941b3939c5a1 Prevent modification of system files | [AC14-2.1] Prevent modification of system files e60 C:\Windows\System32\spoolsv.exe 0 No Module Name C:\Windows\System32\spool\drivers\x64\{57373290-E450-4EB3-B61A-B0A8FED98439}\Amd64\PrintConfig.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
282 01dc941b745f7120 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=bce8ab54e34fdc6a804a56de1e8a1f1b99da4c799a5f08feb5ee40103100d569 File Read 0000000000000000 01dc941b3bda21bb 01dc941b3bda21bb Block | File and Folder Access Attempts (program data) 46c C:\Windows\System32\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\SymPlatform\srtsp64.sys Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 f3878 00000002 00000000000000000000000000000000 00000000
282 01dc941b7461d36f 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=bce8ab54e34fdc6a804a56de1e8a1f1b99da4c799a5f08feb5ee40103100d569 File Read 0000000000000000 01dc941b3c58785f 01dc941b3c58785f Block | File and Folder Access Attempts (program data) 46c C:\Windows\System32\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\SymPlatform\SymEvnt.sys Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 e8600 00000002 00000000000000000000000000000000 00000000
237 01dc941b74643768 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=90d120880614e1e2a94067baad1454b09e2be7a9da51b71e33c247077d9f9538 File Read 0000000000000000 01dc941b597b5f84 01dc941b597b5f84 All Applications | [AC7-2.1] File and Folder Access Attempts 4714 C:\Windows\System32\cmd.exe 0 No Module Name C:\Windows\System32\silcollector.cmd Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 8ea 00000002 00000000000000000000000000000000 00000000
2cc 01dc941bc9262c0d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc941ba55dc329 01dc941ba560255a Prevent modification of system files | [AC14-2.1] Prevent modification of system files 663c C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\E584071C-02EF-41B6-B974-8345C9B63868MpCommU\mpam-2d567c33.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cd 01dc941bc9262c0d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc941ba560255a 01dc941ba560255a Prevent modification of system files | [AC14-2.1] Prevent modification of system files 663c C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\E584071C-02EF-41B6-B974-8345C9B63868MpCommU\mpam-2d567c33.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cd 01dc941bcc82de52 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc941ba562f38c 01dc941ba564eb83 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 663c C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\5B20C0DE-21A2-47A3-9C6A-F43C3A542688MpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ce 01dc941bcc82de52 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc941ba564eb83 01dc941ba564eb83 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 663c C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\5B20C0DE-21A2-47A3-9C6A-F43C3A542688MpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc941bd9e2787a 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc941bb5efb98c 01dc941bb5efb98c Block | File and Folder Access Attempts (Public) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc941bd9e2787a 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc941bb5fe071d 01dc941bb5fe071d Block | File and Folder Access Attempts (Public) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
28d 01dc941c16106ced 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc941bf00c622c 01dc941bf00c622c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 7544 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\39027A9F-1C8B-7724-6749-BA9CB0C70189\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc941c16106ced 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc941bf00c622c 01dc941bf00c622c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 7544 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\39027A9F-1C8B-7724-6749-BA9CB0C70189\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc941c16106ced 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc941bf00c622c 01dc941bf00c622c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 7544 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\39027A9F-1C8B-7724-6749-BA9CB0C70189\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc941c4eafb25f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941c27c27c5a 01dc941c27c27c5a Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
226 01dc941c700b8826 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc941c4a3251cb 01dc941c4a3251cb Block | File and Folder Access Attempts (system32) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
2aa 01dc941cb6172cfe 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc941c90cf954b 01dc941c90cf954b Block | File and Folder Access Attempts (program data) 55d0 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Cached Installs\smcinst.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1146c8 00000002 00000000000000000000000000000000 00000000
2cc 01dc941ceebd7600 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc941cc8f590be 01dc941cc8f590be Prevent modification of system files | [AC14-2.1] Prevent modification of system files 8120 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\BADB8E7F-22A3-433A-836F-00D49E8A58CCMpCommU\mpam-c318093d.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cd 01dc941ceebd7600 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc941cc8f590be 01dc941cc8f590be Prevent modification of system files | [AC14-2.1] Prevent modification of system files 8120 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\BADB8E7F-22A3-433A-836F-00D49E8A58CCMpCommU\mpam-c318093d.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2c9 01dc941ceebd7600 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc941cc8fa53e1 01dc941cc8fa53e1 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 8120 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\6FFBAE4B-090B-42CE-ADED-B4D696441A07MpCommU\UpdatePlatform.exe Default LAKE$ WORKGROUP 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ce 01dc941ceebd7600 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc941cc8fa53e1 01dc941cc8fa53e1 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 8120 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\6FFBAE4B-090B-42CE-ADED-B4D696441A07MpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
226 01dc941d8f0ce5b2 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc941d6a0b37d3 01dc941d6a0b37d3 Block | File and Folder Access Attempts (system32) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc941dc45a0702 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941d99387209 01dc941d9f9b0a74 Block Write | File and Folder Access Attempts 44d8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc941dce54caaf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941da91868e4 01dc941da91868e4 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc941e60ac13e6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941e3b5d7d07 01dc941e3c459d97 Block Write | File and Folder Access Attempts 44d8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cc 01dc941fc84c0796 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc941fa31f6146 01dc941fa321c305 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 9d70 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\E0081E13-43FD-44BB-A373-D5225BE57B2FMpCommU\mpam-94c7000e.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cd 01dc941fc84c0796 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc941fa321c305 01dc941fa321c305 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 9d70 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\E0081E13-43FD-44BB-A373-D5225BE57B2FMpCommU\mpam-94c7000e.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2c9 01dc941fc84c0796 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc941fa32687d8 01dc941fa328ea1c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 9d70 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\E67CAFFC-ECA8-4C03-A46D-18F5D8E8FA32MpCommU\UpdatePlatform.exe Default LAKE$ WORKGROUP 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ce 01dc941fc84c0796 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc941fa328ea1c 01dc941fa328ea1c Prevent modification of system files | [AC14-2.1] Prevent modification of system files 9d70 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\E67CAFFC-ECA8-4C03-A46D-18F5D8E8FA32MpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc941fd5c8537f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc941fb0733720 01dc941fb0733720 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc9420545a4d6d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc94202e069831 01dc94202e069831 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 7544 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\39027A9F-1C8B-7724-6749-BA9CB0C70189\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc9420545a4d6d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc94202e069831 01dc94202e069831 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 7544 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\39027A9F-1C8B-7724-6749-BA9CB0C70189\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9420902fdf07 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94206ba0e5ac 01dc94206c53bb49 Block Write | File and Folder Access Attempts 44d8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc94236f852f13 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc942347f02c4f 01dc942348cb85a7 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc94241c8caa5a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9423f780c4d4 01dc9423f780c4d4 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9426136591a8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9425cbb44f22 01dc9425ed11cdab Block Write | File and Folder Access Attempts a450 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94267726cb79 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94264d051a53 01dc94265098a3a5 Block Write | File and Folder Access Attempts a450 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94297e31a09a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc942956666473 01dc9429571c0e5f Block Write | File and Folder Access Attempts 4ac4 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9429acbd0a0a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9429844426ad 01dc9429869cf8bc Block Write | File and Folder Access Attempts 4ac4 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9429e1f91af7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9429ba000b17 01dc9429bd0e109a Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc942a2e7d4f3a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc942a0784cf2f 01dc942a0784cf2f Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc942c03c9974a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc942bde80cfbd 01dc942bde80cfbd Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2a8 01dc942d4d41509c 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc942d27f5a992 01dc942d27f80bfe Block | File and Folder Access Attempts (program data) 9a8c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Cached Installs\Setup.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 177ec8 00000002 00000000000000000000000000000000 00000000
223 01dc942d61331b85 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc942d3bc6c345 01dc942d3c726bec Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc942d9d0c4f64 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc942d73293162 01dc942d760ab92d Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc942dece4899f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc942dc5ddc50e 01dc942dc6a8aac3 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94300e580768 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc942fe56757df 01dc942fe8a77a3a Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9430cbf014a9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9430a6632993 01dc9430a728a4b3 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
215 01dc9430e9d3eb31 1f6 0 1 0 - Caller SHA256=eb492665fc368e02ed9c19b5570bd826ce25bd3cdf7c18ef3d8af225d5263493 File Read 0000000000000000 01dc9430c33d38b8 01dc9430c33d38b8 Block | File and Folder Access Attempts (Public) 6018 C:\Windows\System32\SearchIndexer.exe 0 No Module Name C:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
222 01dc943111b2ea5a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9430e9e49b38 01dc9430eace4320 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9431cbbd0975 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94318cb28777 01dc9431a5d7f77c Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9431e304a481 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9431a8ee9c99 01dc9431be99cb42 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9432398f567d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9432153b8045 01dc9432153b8045 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94329a02a5ac 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94327402a085 01dc94327498ea47 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9434b459c96e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94348f4279ae 01dc94348fd18786 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc943521fbb914 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9434fa68ee6a 01dc9434fb03e83d Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc9435c835ddbc 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9435a13ac2d3 01dc9435a13ac2d3 Block | File and Folder Access Attempts (program data) 526c C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9437074f4098 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9436e2bc05cb 01dc9436e3785fec Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc94384d35ce3d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc943828254a94 01dc943828254a94 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9438a6fb891b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94387fd6fe07 01dc94388245e5f0 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc943a252ca0d9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9439fe9df4e4 01dc9439fea51ba3 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc943aa37bc037 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc943a7e1f817d 01dc943a7ed716bc Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc943be9307950 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc943bc4452d09 01dc943bc4e74dd2 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc943cc7f045a6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc943c8bc8417c 01dc943ca2044b09 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc943d5d75097e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc943d38d38fa9 01dc943d38d38fa9 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc943dc1278814 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc943d9b491725 01dc943d9b491725 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc943f59f58382 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc943f349b21d9 01dc943f35397483 Block Write | File and Folder Access Attempts 13e8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc944010ad6ac7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc943fcd7e1598 01dc943feb773ab2 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc9440885c511c 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9440619a2ffd 01dc9440619a2ffd Block | File and Folder Access Attempts (program data) 76b8 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9443d15b732e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9443a89db828 01dc9443aaef6424 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
238 01dc9443f29a06f0 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9443cb40d025 01dc9443cc25b29a Block | File and Folder Access Attempts (system32) 6288 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Windows\SysWOW64\mstsc.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
26a 01dc944413da4194 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9443f00597d1 01dc9443f00597d1 Block | File and Folder Access Attempts (program data) ae64 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
2a5 01dc94447788d96b 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc944451546eb7 01dc94445156d0f0 Block | File and Folder Access Attempts (program data) ae64 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\SymPlatform\adscan.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 2ee8c8 00000002 00000000000000000000000000000000 00000000
2a6 01dc94447788d96b 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc944451546eb7 01dc94445156d0f0 Block | File and Folder Access Attempts (program data) ae64 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\SymPlatform\speng64.dll Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 cff4c8 00000002 00000000000000000000000000000000 00000000
2a4 01dc94447788d96b 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc944451546eb7 01dc94445156d0f0 Block | File and Folder Access Attempts (program data) ae64 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\SymPlatform\spetw.dll Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 69700 00000002 00000000000000000000000000000000 00000000
2a6 01dc94447788d96b 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc944451546eb7 01dc94445156d0f0 Block | File and Folder Access Attempts (program data) ae64 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\SymPlatform\srtsp64.sys Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 f3878 00000002 00000000000000000000000000000000 00000000
2a8 01dc94447788d96b 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc944451546eb7 01dc94445156d0f0 Block | File and Folder Access Attempts (program data) ae64 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\SymPlatform\srtspscan.dll Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 f10c8 00000002 00000000000000000000000000000000 00000000
2a6 01dc94447788d96b 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc94445156d0f0 01dc944451593377 Block | File and Folder Access Attempts (program data) ae64 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\SymPlatform\SymEvnt.sys Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 e8600 00000002 00000000000000000000000000000000 00000000
223 01dc9444a2bde587 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9444389bb0a0 01dc94447d3e77c9 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9444c745619f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9444a20b140f 01dc9444a2a87000 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94455640a28c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94450f7aa220 01dc94452fa8b445 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9445a5ff4f65 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94457f0edf75 01dc94457fbcec2d Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9445d48b4275 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9445af603c00 01dc9445af603c00 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc9445ffc06b88 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc9445d8b0ff8f 01dc9445d8b0ff8f Prevent modification of system files | [AC14-2.1] Prevent modification of system files 38c0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\978C954A-FBE8-ACDA-672D-489D95541D2A\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc9445ffc06b88 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc9445d8b0ff8f 01dc9445d8b0ff8f Prevent modification of system files | [AC14-2.1] Prevent modification of system files 38c0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\978C954A-FBE8-ACDA-672D-489D95541D2A\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc9445ffc06b88 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc9445d8b0ff8f 01dc9445d8b0ff8f Prevent modification of system files | [AC14-2.1] Prevent modification of system files 38c0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\978C954A-FBE8-ACDA-672D-489D95541D2A\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9446105f2a38 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9445eaff075f 01dc9445ebb69cd6 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9446f8f4c7fd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94467cf6a751 01dc9446d3a003b9 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94475ca4f524 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9447367122d7 01dc9447373bcc19 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9447b6607ec8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94479173f609 01dc944791fbdcb9 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9447e4e31118 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9447bdcdf048 01dc9447bdcdf048 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944870794008 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94484a25776f 01dc94484adf6f66 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9448ff5ebef0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9448dacdf15e 01dc9448dacdf15e Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944902b1ebe9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9448be9bd476 01dc9448ddf63289 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9449bceea83e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944998077e46 01dc944998cb00d5 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc944a2de331b6 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc944a09826c0e 01dc944a09826c0e Prevent modification of system files | [AC14-2.1] Prevent modification of system files 38c0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\978C954A-FBE8-ACDA-672D-489D95541D2A\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc944a2de331b6 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc944a09826c0e 01dc944a09826c0e Prevent modification of system files | [AC14-2.1] Prevent modification of system files 38c0 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\978C954A-FBE8-ACDA-672D-489D95541D2A\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944a6660a26d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944a419216bb 01dc944a425cbdd3 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc944ac6bf5718 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944aa1b996b8 01dc944aa1b996b8 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944b0933c303 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944ae0504f01 01dc944ae3893f7f Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944b4ba88aad 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944b2547046c 01dc944b25f37867 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc944baf60e281 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944b8af63b19 01dc944b8b95f145 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944c663edfcd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944c3ec5a424 01dc944c41a198bc Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944d3b04ed09 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944cf18b30d0 01dc944d141a8b14 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944d80cecdb2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944d5953df2c 01dc944d5baf147e Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc944df8733acf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944dd2ca94b0 01dc944dd2ca94b0 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc944e2a4a8b1a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944e05a49e4d 01dc944e0665bdbe Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc944eddc7d921 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc944eb6cbea3a 01dc944eb6cbea3a Block | File and Folder Access Attempts (Public) 7ae0 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Users\Public\Downloads\desktop.ini Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc944f090845d7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc944ee41d286c 01dc944ee4ea3379 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9450382b3788 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9450132f3b66 01dc9450132f3b66 Block | File and Folder Access Attempts (Public) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc9450382b3788 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc94501331a17b 01dc94501331a17b Block | File and Folder Access Attempts (Public) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc945052c41f62 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc94502cbc3b46 01dc94502cbc3b46 Block | File and Folder Access Attempts (system32) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc9450815d05a6 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc94505b665837 01dc94505b665837 Block | File and Folder Access Attempts (system32) ecc C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc9450ebba2678 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9450c46cb0b5 01dc9450c530362a Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc945134db19da 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94510f4858bf 01dc94510fe816f9 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94517aa01c57 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945154e2a4a2 01dc945155800099 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9452b6530e08 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94528e780a64 01dc9452912def66 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc945402bd00b1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9453de95e5a2 01dc9453de95e5a2 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94545fd726c7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94543a6a839b 01dc94543b3439a9 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94554bbd4a55 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9454f492ec37 01dc94552670385d Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9455ff3ea40c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9455d8093b67 01dc9455d8f08025 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94564bae288e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945625c78a3e 01dc9456266c122d Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94567047dbdb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94564b6903f2 01dc94564c314a4b Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9456b62a3eb9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94568ef69d1a 01dc94568fd458e3 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc94573e763942 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945718af4b21 01dc945719838ff0 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9457739e6930 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94574d2d5941 01dc94574e317db7 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9457ee9c16cf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9457c9a94de4 01dc9457ca5e8147 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9458b969f29d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945868d07e8f 01dc94589485bc38 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9458f8999189 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9458d2b48ff0 01dc9458d35dd696 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc945931165cc8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94590a13420d 01dc94590a13420d Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9459a2200fca 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc94597bd17fe0 01dc94597c81e8ff Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9459f1eba89d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9459b38765d9 01dc9459ce09f08d Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc945b5fa2b6ff 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945b3a1bfdf1 01dc945b3abe1e90 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc945b8e2acd7c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945b67c69b97 01dc945b67c69b97 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc945bd0926d60 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945baa9bf336 01dc945baa9bf336 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc945bd3e59d55 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945b9ab04adb 01dc945baff6e508 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc945c4b8d27f1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945c26989790 01dc945c2741dfb3 Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc945dcd3994de 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945da67e9237 01dc945da67e9237 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc945dda88aace 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945d9252078d 01dc945db448678c Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc945df51bfff1 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc945dcfe5dc97 01dc945dcfe5dc97 Block | File and Folder Access Attempts (program data) af78 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc945e1309000e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945dece21272 01dc945ded86956c Block Write | File and Folder Access Attempts 8e54 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc945e34427bc7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc945e06e8bac3 01dc945e0ec768d7 Block Write | File and Folder Access Attempts 1f4c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc917d3fc64d0b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917d0132609e 01dc917d196fb8fe Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc917d891f3f71 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc917d6321ef28 01dc917d6321ef28 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b214 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AD6A32B5-601E-16E5-91F0-9E74B97DDB53\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc917d891f3f71 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc917d6321ef28 01dc917d6321ef28 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b214 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AD6A32B5-601E-16E5-91F0-9E74B97DDB53\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc917d891f3f71 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc917d6321ef28 01dc917d6321ef28 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b214 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AD6A32B5-601E-16E5-91F0-9E74B97DDB53\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc917dd27a74de 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917dab8564a7 01dc917dac442d99 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc917dfa6f0be4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917dd21f7b03 01dc917dd46a42da Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
222 01dc917e75bd8b23 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917e513f90a4 01dc917e51f34592 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc917ec8f923d4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917ea47a6841 01dc917ea47a6841 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc917f29c6af14 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917f0423c3d1 01dc917f04ea9796 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc917f51beaeb3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917f2b57d289 01dc917f2c3d5dcb Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc917f51beaeb3 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc917f2d54ad93 01dc917f2d54ad93 Block | File and Folder Access Attempts (program data) cae4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc917f9e58df80 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917f7759c607 01dc917f7803dab0 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc917fd3a18fcc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc917faf444f2d 01dc917fafd3f6c9 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc91805f9880c6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918037fc6024 01dc918038db5a7a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918087933abf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918061e84c14 01dc918062925b85 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9180bcdf90fc 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc918096984f0c 01dc918096984f0c Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc9180bcdf90fc 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9180969d13d7 01dc9180969d13d7 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc9180d0dc6e25 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9180ab77c83a 01dc9180ab77c83a Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc9180e837c801 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91808949a678 01dc9180c43fd4c1 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
226 01dc9180ff81959a 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9180dae6e096 01dc9180dae6e096 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc91815cd40acb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91812d818b01 01dc918136377f56 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918198c92576 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918172211f37 01dc918172d2906c Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc9181ba07d8b8 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc918193eb7009 01dc918193eb7009 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b214 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AD6A32B5-601E-16E5-91F0-9E74B97DDB53\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc9181ba07d8b8 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc918193eb7009 01dc918193eb7009 Prevent modification of system files | [AC14-2.1] Prevent modification of system files b214 C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\AD6A32B5-601E-16E5-91F0-9E74B97DDB53\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9181d4a64a41 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9181af178e06 01dc9181afc1f6dc Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
238 01dc91821a97f17f 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9181f38b0cc6 01dc9181f38d80ad Block | File and Folder Access Attempts (system32) bed4 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Windows\SysWOW64\mstsc.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc9182b0dfccd8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918288378e1b 01dc91828a1ea780 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9182f815c75b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9182b914a5c8 01dc9182d3cc959b Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9184e95b1db9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9184c3560997 01dc9184c3f82a6b Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918549e514ee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91852377c456 01dc918524377c6f Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91868d6939e9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918663c35387 01dc91866772ef61 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91876976e1ab 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918742dfd2af 01dc9187437b7b3d Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9187f2226e92 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9187ad3e7149 01dc9187cbebe019 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc91888e97c19c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918866fe6495 01dc918867afaf1b Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9188a2951d24 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9188599dcedb 01dc91887d9543e2 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9188e1d57181 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9188bc4bf0a1 01dc9188bd20626b Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91891dbda74b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9188f6d351f2 01dc9188f7a869e9 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc918921115f20 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc9188fc3a5089 01dc9188fc3a5089 Block | File and Folder Access Attempts (program data) cfbc C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9189923bf71e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91896b438618 01dc91896c00be5a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9189deed5693 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9189b9230153 01dc9189ba66733d Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918ab443a1ef 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918a8db64ea0 01dc918a8e98d1ef Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918adfa6560c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918abaad5303 01dc918abb9e1b1b Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918c5164121d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918c2bc30efe 01dc918c2c8514c0 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918cc28715dd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918c9ccdbd77 01dc918c9d88a263 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918cfb32e2bc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918cd3bc3595 01dc918cd4b9666a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918de1280fe1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918db95db000 01dc918dba2bad06 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918e1337f104 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918dec920eac 01dc918dedb6c0fb Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918e739730a0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918e4ecc7ac1 01dc918e4fab2efc Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc918fbaffd6d9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918f93884c14 01dc918f96a1768c Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91901ef5cb86 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc918ff84e6f0d 01dc918ffad536c7 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9190e01a9c0b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9190baa3e563 01dc9190bb44ac35 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc91912ffb60d4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91910ae9f577 01dc91910ba98f93 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9191ea9d0ee6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9191c2ef4583 01dc9191c3d2f2fa Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91925891f3a2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91922b7b6fd2 01dc919232dbff3d Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9192eb5bf3bf 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91927aedabda 01dc9192c4a1badf Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9193b9eac646 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9193926c98e2 01dc91939380b3fb Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9193e897a596 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9193c3032a17 01dc9193c3e29dc4 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc919410907329 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9193e911b5cc 01dc9193e9e0c818 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91951e6b596b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9194f6afe2df 01dc9194f96efa4c Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc919599a5fa05 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91955583c2f6 01dc91957579ea80 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9196c8c785df 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9196a29ad8a4 01dc9196a395696a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9197334dd598 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9196e7941882 01dc91970f60dcec Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9197d66f531f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9197b0fb67b1 01dc9197b1d7dc84 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc91988dd99997 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919866fd6d8e 01dc9198699eeaff Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9198c6d5b17b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91989ee0433d 01dc9198a037bce9 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91996413c802 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91993d443d78 01dc91993e5ea667 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc919ab1a09a28 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919a46a456bc 01dc919a8cb437ad Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc919afe5d737b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919ad68bddcb 01dc919ad8335ed1 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc919c488362cd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919c22ad2142 01dc919c23a7b1d5 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc919c91c4c281 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919c57b4e40a 01dc919c6d824b3e Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc919cc7259a6a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919ca16b96ae 01dc919ca26314c3 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc919ce87619b1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919cbe9cc65a 01dc919cc448580a Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc919d6da3f6b2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919d2b0116a5 01dc919d481b1040 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a0188ffec8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc919fce5c3236 01dc919ff17af211 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc91a05806782e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a032f5f411 01dc91a033c8b888 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a0e7579ed8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a09484dc2f 01dc91a0c370e7bf Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc91a120103612 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc91a0f9b485f8 01dc91a0f9b485f8 Block | File and Folder Access Attempts (program data) 7ce4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc91a17d7c4fcc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a153724c20 01dc91a1580fc20d Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a1f212bb07 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a1ca64ab06 01dc91a1cb65c8e8 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a27407cfb3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a22e046621 01dc91a24e224040 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a2d4c90db0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a2acfc526f 01dc91a2adca5f90 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a338d1c282 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a311afa191 01dc91a31289a25f Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a42fbbfd81 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a408a0c17f 01dc91a4097bd5f6 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a580a74060 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a55a211133 01dc91a55b34c2f1 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a5d0dd52aa 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a5a9ab145d 01dc91a5aa93939e Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91a5fc2ab566 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a5d5c79bf1 01dc91a5d5c79bf1 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc91a68b510dc3 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc91a667156869 01dc91a667156869 Block | File and Folder Access Attempts (program data) 62dc C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc91a6d4bbd1f0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a6ae2123c5 01dc91a6af10f9c8 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc91a74607faba 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc91a71f12bf2d 01dc91a71f12bf2d Browser Restrictions | [AC13-1.2] Allow to launch system process b74c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2e9 01dc91a74607faba 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""44212" "\\.\pipe\gecko-crash-server-pipe.44212" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1012" "84"" Create Process 0000000000000000 01dc91a71fc2c747 01dc91a71fc2c747 Browser Restrictions | [AC13-1.2] Allow to launch system process acb4 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
28d 01dc91a7715e3df0 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc91a74bf6e249 01dc91a74bf6e249 Prevent modification of system files | [AC14-2.1] Prevent modification of system files da4c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\B658865C-1F23-2A21-B334-A741BE9EE318\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc91a7715e3df0 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91a74bf6e249 01dc91a74bf6e249 Prevent modification of system files | [AC14-2.1] Prevent modification of system files da4c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\B658865C-1F23-2A21-B334-A741BE9EE318\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc91a7715e3df0 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91a74bf6e249 01dc91a74bf6e249 Prevent modification of system files | [AC14-2.1] Prevent modification of system files da4c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\B658865C-1F23-2A21-B334-A741BE9EE318\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a7bab1706d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a794fcafb2 01dc91a795f8282e Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91a9b8835f04 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91a9914937ad 01dc91a9920c94d6 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ab1d378e60 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91aaba1ea6e5 01dc91aaf74ed77a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ab488c4ca8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ab2340abc6 01dc91ab23dec05f Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91ab987f3bb4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ab71e4100b 01dc91ab71e4100b Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc91aba28781dd 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91ab7cc1a686 01dc91ab7cc1a686 Prevent modification of system files | [AC14-2.1] Prevent modification of system files da4c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\B658865C-1F23-2A21-B334-A741BE9EE318\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc91aba28781dd 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91ab7cc1a686 01dc91ab7cc1a686 Prevent modification of system files | [AC14-2.1] Prevent modification of system files da4c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\B658865C-1F23-2A21-B334-A741BE9EE318\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91ad502aa87d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ad22a84180 01dc91ad2a9ded39 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ad9614f914 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ad70e0ad0a 01dc91ad719e0022 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91addc11e968 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91adb69f7638 01dc91adb7986e10 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ae895e64ff 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ae631d5d94 01dc91ae6402a1cd Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91af7cb9f915 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91af56111bc6 01dc91af570818a1 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91afb1f9baee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91af8d3d6e74 01dc91af8e0de611 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91afdd4851af 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91afb712b631 01dc91afb7f1e225 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b051dfac5e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b02d43c795 01dc91b02dfeabd7 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b0f1d1994e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b0ca8dde93 01dc91b0cb9c27ad Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b195105e5d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b16e7e9499 01dc91b16f75a654 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b2b3c04601 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b28c50db11 01dc91b28d31ff3b Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b34d4ca61c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b32366c715 01dc91b326e350be Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91b389442ea6 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc91b36366e07a 01dc91b36366e07a Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc91b389442ea6 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc91b3636e0793 01dc91b3636e0793 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc91b3a0a3f26a 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc91b37b881b00 01dc91b37b881b00 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc91b3a3f89f71 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b35fafb1c9 01dc91b37f35e122 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
226 01dc91b3dcc370ac 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc91b3b83e5d28 01dc91b3b83e5d28 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc91b45b8b012b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b424636806 01dc91b43772efcd Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b48a3405fe 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b464db23e5 01dc91b465b92809 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc91b4bf93ea03 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc91b4990bad2a 01dc91b4990bad2a Browser Restrictions | [AC13-1.2] Allow to launch system process 3938 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc91b4bf93ea03 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""52316" "\\.\pipe\gecko-crash-server-pipe.52316" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1008" "1020"" Create Process 0000000000000000 01dc91b499a01e12 01dc91b499a01e12 Browser Restrictions | [AC13-1.2] Allow to launch system process cc5c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
222 01dc91b4fb9d5a7b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b4d5e137de 01dc91b4d5e137de Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b50c470eba 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b4c28da331 01dc91b4e7b25518 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b5d7f6f5d1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b5b1cf4b9a 01dc91b5b2ead6de Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b6782c779d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b6399a69b8 01dc91b6541e9a34 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
00
223 01dc91b71b8c1cf6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b6f41944fe 01dc91b6f4f360ba Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b764e747e6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b740374acb 01dc91b7411b7b75 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91b7fe135b83 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b7bb888d68 01dc91b7d8363347 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b8518b6ada 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b82b8fabd8 01dc91b82c5f82a4 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b8a4fba9fb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b87dc1c1c2 01dc91b87e85dc93 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91b93aeb2fc3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b916efd4bc 01dc91b916efd4bc Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91b9f5882bc2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91b9d03eb6f7 01dc91b9d131e0f2 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ba6cfe8a9d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ba2fe37bfc 01dc91ba46617a9a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc91bad0f17c79 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc91baacc74bc6 01dc91baacc74bc6 Block | File and Folder Access Attempts (program data) 20fc C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc91bb4fe60878 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91bb28ce2428 01dc91bb29d272d5 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc91bb77eca9ed 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc91bb52f57b32 01dc91bb52f57b32 Block | File and Folder Access Attempts (program data) 4544 C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260129.021\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
223 01dc91bbb4208d67 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91bb8c86903c 01dc91bb9019041f Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91bd5bc95547 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91bd35953504 01dc91bd368d1e99 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91bdc9b3df31 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91bda29f66af 01dc91bda3f6d16e Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91be05b4cd09 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91bdde60dfba 01dc91bddf80404d Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91be41b1c101 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91be1a33aef6 01dc91be1b1045e0 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91beb9c043ed 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91be916ea7b3 01dc91be92a8a721 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc91bf067c9eea 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc91bee04368a6 01dc91bee04368a6 Block | File and Folder Access Attempts (program data) 85c4 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
222 01dc91bf5690d956 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91bf31a7d895 01dc91bf32ab64bc Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91bffd489cfc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91bfaeec30c5 01dc91bfd835c364 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c06163ab8d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c039f68e00 01dc91c03af1fe59 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c0c54ea358 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c09dfda960 01dc91c09f0bec37 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c122efabe3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c0e6cd22b9 01dc91c0fc12e731 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c18a89f6f2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c164f9f42b 01dc91c1660712f2 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c1b95eebcc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c192f28753 01dc91c19404fa7a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91c1f2176579 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c1aded9c63 01dc91c1cb398719 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91c260268fe1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c23a348c07 01dc91c23a8ff95b Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c32bdf1a32 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c3040ba933 01dc91c304f8ccbf Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c47c9ae5e0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c43811a5c8 01dc91c457907572 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c5b2a8b969 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c55717f3f5 01dc91c58ec12cd4 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c65c7be6ea 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c63659f8dc 01dc91c63731a6a0 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c71dc09ee6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c6f77159f9 01dc91c6f841bc01 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c76a715cdd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c735d358e7 01dc91c74551074d Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c7b3cee9a8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c78f23abc8 01dc91c78fea9be6 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c8252e0cab 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c7fde25363 01dc91c7fef5eabc Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c8d2532f16 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c8aca65b88 01dc91c8ad9ad037 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91c8ecf803c6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c8c804049e 01dc91c8c804049e Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91c93ce15fd6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c9177514a8 01dc91c918c6e72e Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91c9bb5d7bbc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c98f9e0a14 01dc91c99447ee78 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ca18bc59c2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91c9f1ffb49d 01dc91c9f2e11c5a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ca975a0986 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ca7231d5b3 01dc91ca73184804 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91cad021a751 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91caaa4af9b4 01dc91caab48d2d2 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91cb7d8d8bd2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91cb35426734 01dc91cb57410c48 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91cbbce903af 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91cb893c19e9 01dc91cb97423026 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cc 01dc91cd3bfc47a4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc91cd1710223c 01dc91cd171284c7 Prevent modification of system files | [AC14-2.1] Prevent modification of system files bf3c C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\54156340-683D-4FEF-AE3D-7C4EA5F5B17CMpCommU\mpam-84ed8e97.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cd 01dc91cd3bfc47a4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc91cd171284c7 01dc91cd171284c7 Prevent modification of system files | [AC14-2.1] Prevent modification of system files bf3c C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\54156340-683D-4FEF-AE3D-7C4EA5F5B17CMpCommU\mpam-84ed8e97.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cd 01dc91cd3bfc47a4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Write 0000000000000000 01dc91cd17174937 01dc91cd1719bddc Prevent modification of system files | [AC14-2.1] Prevent modification of system files bf3c C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\F35C9215-E55B-4D2E-A192-5B6C0BC9D3DBMpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ce 01dc91cd3bfc47a4 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=baee05cead26c8105363f244b6a630eeb0983e96c0f366ee05882f84a5dd324f File Delete 0000000000000000 01dc91cd1719bddc 01dc91cd1719bddc Prevent modification of system files | [AC14-2.1] Prevent modification of system files bf3c C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25110.6-0\MpCmdRun.exe 0 No Module Name C:\Windows\SystemTemp\F35C9215-E55B-4D2E-A192-5B6C0BC9D3DBMpCommU\UpdatePlatform.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91cda6af36eb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91cd7f49ce17 01dc91cd81e924f6 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ce07670916 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91cde175f069 01dc91cde23f3981 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ce93dff3b0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ce6c499eeb 01dc91ce6d5c3ffd Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2ce 01dc91cebbd62fd1 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Read 0000000000000000 01dc91ce96cc98c0 01dc91ce96cc98c0 All Applications | [AC7-2.1] File and Folder Access Attempts 7f50 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{18C34065-DEF3-4B57-B0BA-162183665239}\EDGEMITMP_838F5.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2d0 01dc91cebbd62fd1 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Delete 0000000000000000 01dc91ce96cc98c0 01dc91ce96cc98c0 All Applications | [AC7-2.1] File and Folder Access Attempts 7f50 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{18C34065-DEF3-4B57-B0BA-162183665239}\EDGEMITMP_838F5.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2cf 01dc91cebbd62fd1 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Write 0000000000000000 01dc91ce96cc98c0 01dc91ce96cc98c0 All Applications | [AC7-2.1] File and Folder Access Attempts 7f50 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{18C34065-DEF3-4B57-B0BA-162183665239}\EDGEMITMP_838F5.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\EdgeCore\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
2e6 01dc91cec5cfa9ba 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Read 0000000000000000 01dc91ce9f93b898 01dc91ce9f93b898 All Applications | [AC7-2.1] File and Folder Access Attempts 7f50 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{18C34065-DEF3-4B57-B0BA-162183665239}\EDGEMITMP_838F5.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source32592_1199182293\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e8 01dc91cec5cfa9ba 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Delete 0000000000000000 01dc91ce9f93b898 01dc91ce9f93b898 All Applications | [AC7-2.1] File and Folder Access Attempts 7f50 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{18C34065-DEF3-4B57-B0BA-162183665239}\EDGEMITMP_838F5.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source32592_1199182293\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
2e7 01dc91cec5cfa9ba 1f6 a 1 0 [AC7-2.1] Block scripts - Caller SHA256=76930a7d6bf9208db7ddd054ba5cb24970184d75091f9a9421d742c9264a0cc4 File Write 0000000000000000 01dc91ce9f93b898 01dc91ce9f93b898 All Applications | [AC7-2.1] File and Folder Access Attempts 7f50 C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{18C34065-DEF3-4B57-B0BA-162183665239}\EDGEMITMP_838F5.tmp\setup.exe 0 No Module Name C:\Program Files (x86)\Microsoft\Edge\Temp\source32592_1199182293\144.0.3719.92\show_third_party_software_licenses.bat Default SYSTEM NT AUTHORITY 1 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91d09869dc71 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d0672c717b 01dc91d072f72915 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
0
223 01dc91d0e4e9c348 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d0bdd1233e 01dc91d0be7db55a Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91d159794755 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d13343410a 01dc91d133e14851 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc91d159794755 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc91d1342e08ef 01dc91d1342e08ef Prevent modification of system files | [AC14-2.1] Prevent modification of system files d54c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A536AE62-17B1-049E-62B4-78B57FEFD858\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc91d159794755 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91d1342e08ef 01dc91d1342e08ef Prevent modification of system files | [AC14-2.1] Prevent modification of system files d54c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A536AE62-17B1-049E-62B4-78B57FEFD858\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc91d159794755 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91d1342e08ef 01dc91d1342e08ef Prevent modification of system files | [AC14-2.1] Prevent modification of system files d54c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A536AE62-17B1-049E-62B4-78B57FEFD858\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91d21def0e60 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d1f8224972 01dc91d1f8e6b014 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91d27e8f7261 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d257b2a40f 01dc91d25894f378 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91d2be00c133 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d2968914f7 01dc91d2976f2875 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91d2e93fdba3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d2c2cfcb61 01dc91d2c3943b9b Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91d3c5078376 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d39fea42cb 01dc91d39fea42cb Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91d48ce72b3d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d467ab4bdb 01dc91d4689ad5d6 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc91d58a19d20d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91d565010067 01dc91d565010067 Prevent modification of system files | [AC14-2.1] Prevent modification of system files d54c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A536AE62-17B1-049E-62B4-78B57FEFD858\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc91d58a19d20d 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91d565010067 01dc91d565010067 Prevent modification of system files | [AC14-2.1] Prevent modification of system files d54c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\A536AE62-17B1-049E-62B4-78B57FEFD858\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91d6a27b82ee 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91d67b22c4a4 01dc91d67daae200 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91da82f34d22 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91da5e43d023 01dc91da5e43d023 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
238 01dc91db4e2aac6e 1f6 0 1 0 - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91db27973f87 01dc91db27973f87 Block | File and Folder Access Attempts (system32) 41f8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\Windows\SysWOW64\mstsc.exe Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc91db796cce23 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91db4e9b319f 01dc91db535a07d9 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91dcb9401cda 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91dc91a269ec 01dc91dc92513be9 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91dd55df0d09 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91dd308dc8f0 01dc91dd3163965f Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91de4267789a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91de18093084 01dc91de1cffb06a Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91ded8586f22 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91deb2a64caa 01dc91deb2a64caa Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91e01b83aff7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91dff1677757 01dc91dff5261574 Block Write | File and Folder Access Attempts 8414 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91e089612293 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e0646500fe 01dc91e0646500fe Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc91e1f12ab5f4 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc91e1cb675ebb 01dc91e1cb675ebb Browser Restrictions | [AC13-1.2] Allow to launch system process d2fc C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc91e1f12acaa5 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""24800" "\\.\pipe\gecko-crash-server-pipe.24800" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1000" "1004"" Create Process 0000000000000000 01dc91e1cc03fc25 01dc91e1cc03fc25 Browser Restrictions | [AC13-1.2] Allow to launch system process 60e0 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
222 01dc91e3a25dc425 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e37bcabe7f 01dc91e37bd1959d Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91e3eefcd63d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e3cac03a56 01dc91e3cac03a56 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91e50a2c9f20 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e4e4aca057 01dc91e4e57d02e0 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91e664f923f8 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc91e63e03da53 01dc91e63e03da53 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc91e664f923f8 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc91e63e064997 01dc91e63e064997 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc91e67c55c812 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc91e655408085 01dc91e655408085 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc91e6b1cb3576 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc91e68ac1adc2 01dc91e68ac1adc2 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
222 01dc91e8ca73f552 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e8a3ece2dc 01dc91e8a3ece2dc Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91e9032d4ea2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e8daf0050b 01dc91e8de35c25e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91e9352d9c9c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e8f276b12a 01dc91e910736108 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91e96734ab11 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e93f5537aa 01dc91e9401c0d95 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91e9cb2ae9a3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91e9809f67b7 01dc91e9a6e2cf16 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ea573700ff 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ea0d161aca 01dc91ea30503942 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
286 01dc91eac1d7b38a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc91ea9b58a64e 01dc91ea9b58a64e Block | File and Folder Access Attempts (program data) c5a0 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWPD_712(microtechc) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
222 01dc91eb18574804 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91eaf188c447 01dc91eaf188c447 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91eb330a0afd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91eb0e2bf768 01dc91eb0eccc244 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91eb7902da69 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91eb52a98117 01dc91eb53885e3c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ecc5f32f3d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91eca07e1ff9 01dc91eca1500b55 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ed37382f0c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ecf591a9e8 01dc91ed10fe1999 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91ed51d6246c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ed2b0c6b72 01dc91ed2b0c6b72 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ee485468d1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ee2153afd2 01dc91ee21f650d6 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ee70418ca3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ee48bb74c2 01dc91ee49967fd0 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc91ef69f46378 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc91ef44e06cf6 01dc91ef44e06cf6 Browser Restrictions | [AC13-1.2] Allow to launch system process 8070 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2eb 01dc91ef69f46378 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""35944" "\\.\pipe\gecko-crash-server-pipe.35944" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "1012" "1020"" Create Process 0000000000000000 01dc91ef457287c6 01dc91ef457287c6 Browser Restrictions | [AC13-1.2] Allow to launch system process 8c68 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000
223 01dc91ef8ea06782 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ef69134422 01dc91ef69aa1f7b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91ef9f43261c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ef7a710dfa 01dc91ef7a710dfa Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91eff93579db 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91efd452d84d 01dc91efd4f34131 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f07133856f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f030a524f9 01dc91f04d671341 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f15dda9706 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f1389e0e7f 01dc91f1395b368d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91f1f6fc4609 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f1d162ed77 01dc91f1d162ed77 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f2439a1116 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f21d4bf691 01dc91f21f8fa74c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91f28cdb7206 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f25b73f0c1 01dc91f2677fd65a Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f2dcb4125d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f2900801f5 01dc91f2b67df55c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc91f46c7eb72a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91f4489661b9 01dc91f4489d888e Block | File and Folder Access Attempts (program data) d254 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc91f46c7eb72a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91f4489661b9 01dc91f4489b2628 Block | File and Folder Access Attempts (program data) d254 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
222 01dc91f47323a07a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f44c489956 01dc91f44c489956 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f4a50d0d05 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f48020defa 01dc91f480be7370 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc91f4bc5df631 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91f48808ed68 01dc91f4979ab39e Block | File and Folder Access Attempts (program data) d254 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc91f4bfb4e8f7 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91f484ddd682 01dc91f49a7713e8 Block | File and Folder Access Attempts (program data) d254 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc91f4ccfbb1f3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f4a608a838 01dc91f4a6c366bb Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f4f189a451 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f4cb6acefa 01dc91f4cc667748 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f5c9f9e6ba 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f5a574920f 01dc91f5a60b82da Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91f5eb49a3f3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f5c3c63004 01dc91f5c4fb149f Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f60fef6d02 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f5e94fbb40 01dc91f5ea13c2b8 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f6488120d8 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f6241528dc 01dc91f624bcd56f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f6811ecce7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f65b3f82d5 01dc91f65be08402 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91f6e4f4afa7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f6bde894cb 01dc91f6bde894cb Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f77ae0b2f1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f753bb34c7 01dc91f7549c7513 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f79f887a18 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f779916295 01dc91f77a42a6ab Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc91f7a98936ce 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91f772603959 01dc91f7857a4c65 Block | File and Folder Access Attempts (program data) dd18 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26b 01dc91f7acdce859 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91f770c67e07 01dc91f786b24fda Block | File and Folder Access Attempts (program data) dd18 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc91f81af7805e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f7f5cdd578 01dc91f7f69e35d4 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f8fa209c1a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f8d26bf3ff 01dc91f8d34e97cc Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91f8fa209c1a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f8d3102b46 01dc91f8d3102b46 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f96b5c9df5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f9448602f0 01dc91f945578aff Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91f9f09071d0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f9ca8eb54a 01dc91f9cb5e6e7d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91fa048de88b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91f9e02ab5f8 01dc91f9e02ab5f8 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91fa7c701da1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fa3ccc73bd 01dc91fa5712fd0a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc91fa9db7c9d5 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91fa6e926874 01dc91fa7971e11a Block | File and Folder Access Attempts (program data) d100 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc91faa10d386a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91fa70f51345 01dc91fa7be52bdb Block | File and Folder Access Attempts (program data) d100 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc91faea3f7835 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fac18216dc 01dc91fac3531128 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91fb0b84b5ad 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fae5a2dee0 01dc91fae5a2dee0 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28d 01dc91fb44214c6c 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Write 0000000000000000 01dc91fb1d09d2d6 01dc91fb1d09d2d6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 298c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E2399C01-1380-C940-087B-8641A0640363\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc91fb44214c6c 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91fb1d09d2d6 01dc91fb1d09d2d6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 298c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E2399C01-1380-C940-087B-8641A0640363\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc91fb44214c6c 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91fb1d09d2d6 01dc91fb1d09d2d6 Prevent modification of system files | [AC14-2.1] Prevent modification of system files 298c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E2399C01-1380-C940-087B-8641A0640363\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91fbbc037d86 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fb947946d6 01dc91fb9549d0a6 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91fc0c15092f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fbe7485b87 01dc91fbe7485b87 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91fc8df5d37b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fc682b6fcc 01dc91fc68fbdad2 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91fcd3e66a49 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fc9be916f7 01dc91fcae753ccc Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91fcee87a029 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fcc8b2f7be 01dc91fcc8b2f7be Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc91fdc6e6f91c 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91fda242b496 01dc91fda242b496 Block | File and Folder Access Attempts (program data) 4230 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
222 01dc91fdd0e7c23c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fdaa2fff4e 01dc91fdaa2fff4e Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91fe4579a6f4 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fe1715b2b0 01dc91fe1e5eb83d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc91fe7ace8ce5 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91fe54a72307 01dc91fe54a98577 Block | File and Folder Access Attempts (program data) e57c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc91fe7e23b5c9 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc91fe5621a0aa 01dc91fe59e7808a Block | File and Folder Access Attempts (program data) e57c C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
222 01dc91feacce78c0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91fe87feb08b 01dc91fe87feb08b Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ff3c19abd2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ff154e5cf8 01dc91ff15ec0d07 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
28e 01dc91ff74ad9f76 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91ff4dd79dda 01dc91ff4dd79dda Prevent modification of system files | [AC14-2.1] Prevent modification of system files 298c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E2399C01-1380-C940-087B-8641A0640363\MPGEAR.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
290 01dc91ff74ad9f76 1f6 4 1 0 [AC14-2.1] Prevent modification of system files - Caller SHA256=be9d91ac1b812166cb8ff10458fd18d807ef6ef5a4e1731870cd135dac777758 File Delete 0000000000000000 01dc91ff4dd79dda 01dc91ff4dd79dda Prevent modification of system files | [AC14-2.1] Prevent modification of system files 298c C:\Windows\System32\MRT.exe 0 No Module Name C:\Windows\System32\MRT\E2399C01-1380-C940-087B-8641A0640363\MPENGINE.DLL Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc91ff9951f104 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ff726c142a 01dc91ff726c142a Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc91ffad56a815 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc91ff8679d825 01dc91ff872d8e8c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc92002f3fec4a 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc920008ff2b1c 01dc920008ff2b1c Block | File and Folder Access Attempts (program data) 392c C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260130.003\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
222 01dc92007f35c0c9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9200595cc2be 01dc9200595cc2be Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc9200aa89f92e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92007cb89c3e 01dc92008477890a Block | File and Folder Access Attempts (program data) db8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc9200aa89f92e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9200824c1f9f 01dc92008583ce71 Block | File and Folder Access Attempts (program data) db8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
26a 01dc9200b133b8fe 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc92008d1fc055 01dc92008d1fc055 Block | File and Folder Access Attempts (program data) 43d8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc9200b48b1f83 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9200842fac65 01dc92008de43b0e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26b 01dc9200b48b1f83 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc920089d9cdc4 01dc92008eb71c56 Block | File and Folder Access Attempts (program data) 43d8 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1991-06.com.microsoft Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc9200f72cd1b7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9200b1cab0ac 01dc9200d07b98bf Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92014db8d406 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9201267f7ffa 01dc92012713f4ee Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92015e671917 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920139af3b47 01dc920139af3b47 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
26a 01dc9201cfaa375f 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=c089d94d90eb3efaabd1200c17dc232000902df88247f98da7c00df3ad344319 File Read 0000000000000000 01dc9201a917f05d 01dc9201a917f05d Block | File and Folder Access Attempts (program data) 4a60 C:\Program Files (x86)\Plesk\Additional\PleskPHP74\php-cgi.exe 0 No Module Name C:\ProgramData\regid.1992-12.com.symantec Default IWPD_801(traduongco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc9201d65b22f2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92019b7eb61e 01dc9201afa9bb77 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9202478c1d6d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9202233da2da 01dc9202233da2da Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92032d5a6294 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920308107ae3 01dc920308107ae3 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc92036c9b36d5 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92033f307aec 01dc9203469f12e1 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9203bca5047c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9203966e491c 01dc920398d86981 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92042a8d8171 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920403c00e83 01dc9204048b1dd4 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc920477268243 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920450e10d05 01dc920450e10d05 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9204b30f1eb0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92048c946e82 01dc92048d5402c4 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920527a9be78 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92050217e5b5 01dc920502d2cd30 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92063c3e71d2 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92061583c14b 01dc920616677924 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9206a040d17f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92067ba44b77 01dc92067c74a8ce Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9206f3846248 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9206cebd3255 01dc9206cebd3255 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9207e004e0aa 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9207bb9dc5e8 01dc9207bc371b9f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92084dda0d67 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920815378aca 01dc920828b68c52 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
285 01dc920889e60756 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=4fdab4185d88f8b569eac318ed4cfae3d7e6bc105101f235a696f18616efd80a File Read 0000000000000000 01dc920863234072 01dc920863234072 Block | File and Folder Access Attempts (program data) b898 C:\Windows\SysWOW64\WerFault.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Sysfer\x86\sysfer.dll Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 7c0c8 00000002 00000000000000000000000000000000 00000000
223 01dc9208ab3348a9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92086eb14f2b 01dc92088608963b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9209230bc559 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9208fd0157d0 01dc9208fd0157d0 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92098a72f9eb 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9209643bf089 01dc92096505906c Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9209e79dff3f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9209beeb7411 01dc9209c11940df Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920a26eadff6 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920a008d9913 01dc920a01577288 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc920b312f4128 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920b0c0fd3a6 01dc920b0c0fd3a6 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920be19c3195 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920bbd08828c 01dc920bbdb0310d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920c1d9166d7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920bf714f73e 01dc920bf7d22384 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920ca2c4bdce 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920c7b2f0570 01dc920c7d7a0ddf Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc920d0a0f3f7f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920ce51a64be 01dc920ce51a64be Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920d1ab4fe9f 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920cf3bf62d4 01dc920cf45e088e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920dc485b209 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920d7ab5f7fe 01dc920d9d8e9962 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920e4cfa5a92 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920e24a30068 01dc920e26337879 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc920e9634cc7e 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc920e71545677 01dc920e71545677 Block | File and Folder Access Attempts (program data) 905c C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260130.003\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
222 01dc920eecd3dffd 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920ec6b236a3 01dc920ec6b236a3 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc920f680c35aa 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc920f408050de 01dc920f419d53cb Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92109a704f5b 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921054ade5a3 01dc921074eda192 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9210bbc43599 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9210963d27f7 01dc9210963d27f7 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92110ba754b1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9210e633d94d 01dc9210e6f85ad7 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
298 01dc92119e3cfa61 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=02f6a04b3373f195152fb1b4aeafe25bf8ef4411dc020c2238c541bcc3dc309b File Read 0000000000000000 01dc9211792598f9 01dc9211792598f9 Block | File and Folder Access Attempts (program data) 8370 C:\Windows\System32\rundll32.exe 0 No Module Name C:\ProgramData\Symantec\Symantec Endpoint Protection\14.3.11216.9000.105\Data\Definitions\SDSDefs\20260130.003\Eraser64.dll Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 4a58c0 00000002 00000000000000000000000000000000 00000000
223 01dc9211da39d812 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9211b30c473b 01dc9211b3c4ca87 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9212662bc18c 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92122eed9044 01dc92124170a0bd Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9212877a96d3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92126257fbae 01dc92126257fbae Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
214 01dc9213ca747d75 1f6 0 1 0 - Caller SHA256=5a30be379375544e4e6a14fd947373ff006e91fa751d441d7fd166143c2cc1b9 File Read 0000000000000000 01dc9213a4da118c 01dc9213a4da118c Block | File and Folder Access Attempts (Public) a9b0 C:\Windows\System32\RuntimeBroker.exe 0 No Module Name C:\Users\Public\desktop.ini Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
223 01dc9214ad1dc9c3 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921468cce080 01dc921488ce977f Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9214bdcbacc7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92149779aaaf 01dc92149779aaaf Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9214e5d0fcdc 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9214c0082e2c 01dc9214c0ab18de Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92154d12c4c1 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92152423782c 01dc921527fb5c0b Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921696901af7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92165feb9535 01dc921670362a80 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9216f3d0b942 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9216ce9ceb1e 01dc9216cf508ca7 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc92175e5ea87d 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921736a9ab4e 01dc921737544497 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9217b4e99a60 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92177fc61295 01dc92178ecdada9 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc9218017345d9 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9217daf4b253 01dc9217dbc7ac76 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921858138575 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92183051ff41 01dc92183119232d Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921923210169 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9218fc706dd7 01dc9218fd481adb Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc921933c6694f 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc921910012486 01dc921910012486 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
22c 01dc92193718c6b2 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92191005dd77 01dc92191005dd77 Block | File and Folder Access Attempts (Public) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Users\Public\Downloads\desktop.ini Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 ae 00000002 00000000000000000000000000000000 00000000
226 01dc92194b0b5503 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc9219256e44ab 01dc9219256e44ab Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
226 01dc921980552e80 1f6 0 1 0 - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc92195a557ea7 01dc92195a557ea7 Block | File and Folder Access Attempts (system32) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\Windows\SysWOW64\mstsc.exe Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 14e800 00000002 00000000000000000000000000000000 00000000
223 01dc9219a85666b7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc92195f1197e9 01dc9219838fa718 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9219cce84bb0 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921982a268f2 01dc9219a6f39b80 Block Write | File and Folder Access Attempts 26c8 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc9219e78b8e8a 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc9219a7dbdaa9 01dc9219c2a71a32 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921a58ae84de 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921a333861c0 01dc921a33e9a85e Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921ac33c9c4e 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921a9dea2b87 01dc921a9eb0f6a2 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921b1d1d0631 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921af69403a4 01dc921af73e1e51 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
223 01dc921bbd455255 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921b9695d253 01dc921b976d733a Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23c 01dc921c068e295b 1f6 0 1 0 - Caller SHA256=45d8d8c878be23e1a41509ff0139dc3aa107956365f75b0f752e8b162357c2eb File Read 0000000000000000 01dc921be177144b 01dc921be17976b5 Block | File and Folder Access Attempts (Temp) 9440 C:\Windows\System32\taskhostw.exe 0 No Module Name C:\Windows\Temp\SDIAG_cd19df85-0b26-45b9-a5bf-0d2a32cea016\CL_Utility.ps1 Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23e 01dc921c068e295b 1f6 0 1 0 - Caller SHA256=45d8d8c878be23e1a41509ff0139dc3aa107956365f75b0f752e8b162357c2eb File Delete 0000000000000000 01dc921be177144b 01dc921be177144b Block | File and Folder Access Attempts (Temp) 9440 C:\Windows\System32\taskhostw.exe 0 No Module Name C:\Windows\Temp\SDIAG_cd19df85-0b26-45b9-a5bf-0d2a32cea016\CL_Utility.ps1 Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
23d 01dc921c068e295b 1f6 0 1 0 - Caller SHA256=45d8d8c878be23e1a41509ff0139dc3aa107956365f75b0f752e8b162357c2eb File Write 0000000000000000 01dc921be177144b 01dc921be17976b5 Block | File and Folder Access Attempts (Temp) 9440 C:\Windows\System32\taskhostw.exe 0 No Module Name C:\Windows\Temp\SDIAG_cd19df85-0b26-45b9-a5bf-0d2a32cea016\CL_Utility.ps1 Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
222 01dc921c09e553f7 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921be0b99772 01dc921be323da35 Block Write | File and Folder Access Attempts a618 C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWAM_plesk(default) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
259 01dc921c09e553f7 1f6 0 1 0 chan toan bo file .exe, .bat, .vbs - Caller SHA256=884789162d119ff500d7269d0b1c6a84769a089124715274552800241207f75c File Read 0000000000000000 01dc921be30fca0a 01dc921be3131a06 Block | File and Folder Access Attempts (program data) 898 C:\Program Files (x86)\ossec-agent\wazuh-agent.exe 0 No Module Name c:\ProgramData\regid.1991-06.com.microsoft Default SYSTEM NT AUTHORITY 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 1000 00000002 00000000000000000000000000000000 00000000
223 01dc921c6728a103 1f6 0 1 0 - Caller SHA256=a4e1a5b1489b316064f083c4cd7bfc83b70ee4684a4d97d1ad1c4e6d648161a3 File Write 0000000000000000 01dc921c1e058fcd 01dc921c41943aa8 Block Write | File and Folder Access Attempts 7e0c C:\Windows\SysWOW64\inetsrv\w3wp.exe 0 No Module Name C:\Windows\SysWOW64\inetsrv\system.mdb Default IWPD_714(hanoiiecco) LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 0 00000002 00000000000000000000000000000000 00000000
35d 01dc921c9c7c3d64 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments="--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate" Create Process 0000000000000000 01dc921c77cb9712 01dc921c77cb9712 Browser Restrictions | [AC13-1.2] Allow to launch system process 748c C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\firefox.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 a6080 00000002 00000000000000000000000000000000 00000000
2ea 01dc921c9c7c3d64 1f6 5 0 0 [AC13-1.2] Allow to launch system process - Caller SHA256=2200232af3075908082c6e3853057889e4dbc3cec8459df2b70e0144b7b7af31 - Target Arguments=""40596" "\\.\pipe\gecko-crash-server-pipe.40596" "C:\Users\ADMINI~1\AppData\Local\Temp\\" "940" "1016"" Create Process 0000000000000000 01dc921c785db39d 01dc921c785db39d Browser Restrictions | [AC13-1.2] Allow to launch system process 9e94 C:\Program Files\Mozilla Firefox\firefox.exe 0 No Module Name C:\Program Files\Mozilla Firefox\crashhelper.exe Default Administrator LAKE 0 3 164a8367 SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\5&d7f742c&0&000000 52280 00000002 00000000000000000000000000000000 00000000