dows\system32\drivers\aliide.sys
16:38:48.0874 10456 aliide - ok
16:38:48.0899 10456 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:38:48.0915 10456 amdide - ok
16:38:48.0960 10456 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:38:49.0148 10456 AmdK8 - ok
16:38:49.0160 10456 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:38:49.0255 10456 AmdPPM - ok
16:38:49.0319 10456 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:38:49.0372 10456 amdsata - ok
16:38:49.0410 10456 [ EB7A232A20D3EE8115F5CE881C6316C4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:38:49.0478 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\amdsbs.sys. Real md5: EB7A232A20D3EE8115F5CE881C6316C4, Fake md5: F67F933E79241ED32FF46A4F29B5120B
16:38:49.0478 10456 amdsbs ( ForgedFile.Multi.Generic ) - warning
16:38:49.0478 10456 amdsbs - detected ForgedFile.Multi.Generic (1)
16:38:49.0514 10456 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:38:49.0574 10456 amdxata - ok
16:38:49.0617 10456 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:38:49.0846 10456 AppID - ok
16:38:49.0882 10456 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:38:50.0080 10456 AppIDSvc - ok
16:38:50.0151 10456 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
16:38:50.0325 10456 Appinfo - ok
16:38:50.0403 10456 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:38:50.0465 10456 Apple Mobile Device - ok
16:38:50.0523 10456 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:38:50.0556 10456 arc - ok
16:38:50.0562 10456 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:38:50.0607 10456 arcsas - ok
16:38:50.0654 10456 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:38:50.0699 10456 ArcSoftKsUFilter - ok
16:38:50.0746 10456 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:38:50.0946 10456 AsyncMac - ok
16:38:51.0003 10456 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:38:51.0029 10456 atapi - ok
16:38:51.0082 10456 [ 73877CCD74A0D9B065B8C5A02114EA10 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:38:51.0361 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\athrx.sys. Real md5: 73877CCD74A0D9B065B8C5A02114EA10, Fake md5: 5D4529AC4156E16BEDB01441AE0CF984
16:38:51.0376 10456 athr ( ForgedFile.Multi.Generic ) - warning
16:38:51.0376 10456 athr - detected ForgedFile.Multi.Generic (1)
16:38:51.0405 10456 [ D6F8ED39444B5BEC033ACD76D41413FF ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:38:51.0474 10456 Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: D6F8ED39444B5BEC033ACD76D41413FF, Fake md5: F23FEF6D569FCE88671949894A8BECF1
16:38:51.0476 10456 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - warning
16:38:51.0476 10456 AudioEndpointBuilder - detected ForgedFile.Multi.Generic (1)
16:38:51.0482 10456 [ D6F8ED39444B5BEC033ACD76D41413FF ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:38:51.0485 10456 Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: D6F8ED39444B5BEC033ACD76D41413FF, Fake md5: F23FEF6D569FCE88671949894A8BECF1
16:38:51.0487 10456 AudioSrv ( ForgedFile.Multi.Generic ) - warning
16:38:51.0487 10456 AudioSrv - detected ForgedFile.Multi.Generic (1)
16:38:51.0523 10456 [ FC89DFDD6B9E5E7D86B06432E990401E ] AVerAVF2 C:\Windows\system32\DRIVERS\AVerAVF2.sys
16:38:51.0600 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\AVerAVF2.sys. Real md5: FC89DFDD6B9E5E7D86B06432E990401E, Fake md5: 59E75082DC7DA252592EC3489A2CF4EA
16:38:51.0603 10456 AVerAVF2 ( ForgedFile.Multi.Generic ) - warning
16:38:51.0603 10456 AVerAVF2 - detected ForgedFile.Multi.Generic (1)
16:38:51.0647 10456 [ 3B5657B6C11CDA87F664DD6F7DD0702D ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
16:38:51.0689 10456 avgtp - ok
16:38:51.0753 10456 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:38:51.0946 10456 AxInstSV - ok
16:38:52.0011 10456 [ 3E7FA18FEA3BE0AF9614DE5C65092795 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:38:52.0061 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\bxvbda.sys. Real md5: 3E7FA18FEA3BE0AF9614DE5C65092795, Fake md5: 3E5B191307609F7514148C6832BB0842
16:38:52.0062 10456 b06bdrv ( ForgedFile.Multi.Generic ) - warning
16:38:52.0062 10456 b06bdrv - detected ForgedFile.Multi.Generic (1)
16:38:52.0086 10456 [ A51E3C2C28CC549C77C41CE609F3C89F ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:38:52.0136 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\b57nd60a.sys. Real md5: A51E3C2C28CC549C77C41CE609F3C89F, Fake md5: B5ACE6968304A3900EEB1EBFD9622DF2
16:38:52.0137 10456 b57nd60a ( ForgedFile.Multi.Generic ) - warning
16:38:52.0137 10456 b57nd60a - detected ForgedFile.Multi.Generic (1)
16:38:52.0211 10456 [ CE5A6AB907758186A5B5536B7ED78323 ] BackupStack C:\Program Files (x86)\MyPC Backup\BackupStack.exe
16:38:52.0282 10456 BackupStack - ok
16:38:52.0332 10456 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:38:52.0501 10456 BDESVC - ok
16:38:52.0528 10456 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:38:52.0697 10456 Beep - ok
16:38:52.0752 10456 [ 99337200D3F66033B87F19A70B2B2DEC ] BFE C:\Windows\System32\bfe.dll
16:38:52.0820 10456 Suspicious file (Forged): C:\Windows\System32\bfe.dll. Real md5: 99337200D3F66033B87F19A70B2B2DEC, Fake md5: 82974D6A2FD19445CC5171FC378668A4
16:38:52.0822 10456 BFE ( ForgedFile.Multi.Generic ) - warning
16:38:52.0822 10456 BFE - detected ForgedFile.Multi.Generic (1)
16:38:52.0831 10456 [ 5E70BFA2F6D20D0CE0C4BC8CB9978695 ] BITS C:\Windows\System32\qmgr.dll
16:38:52.0861 10456 Suspicious file (Forged): C:\Windows\System32\qmgr.dll. Rea
dows\system32\DRIVERS\evbda.sys
16:38:59.0763 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\evbda.sys. Real md5: 089813CB08A9A6948B7C5CD30B0B55C1, Fake md5: DC5D737F51BE844D8C82C695EB17372F
16:38:59.0789 10456 ebdrv ( ForgedFile.Multi.Generic ) - warning
16:38:59.0789 10456 ebdrv - detected ForgedFile.Multi.Generic (1)
16:38:59.0843 10456 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:39:00.0030 10456 EFS - ok
16:39:00.0128 10456 [ 43AD2E10E31F1AEB60D8296C1B966287 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:39:00.0322 10456 Suspicious file (Forged): C:\Windows\ehome\ehRecvr.exe. Real md5: 43AD2E10E31F1AEB60D8296C1B966287, Fake md5: C4002B6B41975F057D98C439030CEA07
16:39:00.0331 10456 ehRecvr ( ForgedFile.Multi.Generic ) - warning
16:39:00.0331 10456 ehRecvr - detected ForgedFile.Multi.Generic (1)
16:39:00.0361 10456 [ A6761BA0C8FA8DE5851AF7A679112599 ] ehSched C:\Windows\ehome\ehsched.exe
16:39:00.0376 10456 Suspicious file (Forged): C:\Windows\ehome\ehsched.exe. Real md5: A6761BA0C8FA8DE5851AF7A679112599, Fake md5: 4705E8EF9934482C5BB488CE28AFC681
16:39:00.0376 10456 ehSched ( ForgedFile.Multi.Generic ) - warning
16:39:00.0376 10456 ehSched - detected ForgedFile.Multi.Generic (1)
16:39:00.0396 10456 [ FB016CA5AA7BB5E071CAFB6A0D7BA54B ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:39:00.0448 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\elxstor.sys. Real md5: FB016CA5AA7BB5E071CAFB6A0D7BA54B, Fake md5: 0E5DA5369A0FCAEA12456DD852545184
16:39:00.0450 10456 elxstor ( ForgedFile.Multi.Generic ) - warning
16:39:00.0450 10456 elxstor - detected ForgedFile.Multi.Generic (1)
16:39:00.0469 10456 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:39:00.0574 10456 ErrDev - ok
16:39:00.0625 10456 [ F94C41F8FA965F031D3E961CD80E5E8F ] EventSystem C:\Windows\system32\es.dll
16:39:00.0642 10456 Suspicious file (Forged): C:\Windows\system32\es.dll. Real md5: F94C41F8FA965F031D3E961CD80E5E8F, Fake md5: 4166F82BE4D24938977DD1746BE9B8A0
16:39:00.0644 10456 EventSystem ( ForgedFile.Multi.Generic ) - warning
16:39:00.0644 10456 EventSystem - detected ForgedFile.Multi.Generic (1)
16:39:00.0662 10456 [ FECB77B39816ADA633949F4E27BC6026 ] exfat C:\Windows\system32\drivers\exfat.sys
16:39:00.0711 10456 Suspicious file (Forged): C:\Windows\system32\drivers\exfat.sys. Real md5: FECB77B39816ADA633949F4E27BC6026, Fake md5: A510C654EC00C1E9BDD91EEB3A59823B
16:39:00.0711 10456 exfat ( ForgedFile.Multi.Generic ) - warning
16:39:00.0711 10456 exfat - detected ForgedFile.Multi.Generic (1)
16:39:00.0716 10456 [ C522C1DB31CC1F90B5D21992FD30E2AB ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:39:00.0744 10456 Suspicious file (Forged): C:\Windows\system32\drivers\fastfat.sys. Real md5: C522C1DB31CC1F90B5D21992FD30E2AB, Fake md5: 0ADC83218B66A6DB380C330836F3E36D
16:39:00.0746 10456 fastfat ( ForgedFile.Multi.Generic ) - warning
16:39:00.0746 10456 fastfat - detected ForgedFile.Multi.Generic (1)
16:39:00.0799 10456 [ 9159A2D73D2B652D6EF06B82F4ACCFFE ] Fax C:\Windows\system32\fxssvc.exe
16:39:00.0866 10456 Suspicious file (Forged): C:\Windows\system32\fxssvc.exe. Real md5: 9159A2D73D2B652D6EF06B82F4ACCFFE, Fake md5: DBEFD454F8318A0EF691FDD2EAAB44EB
16:39:00.0868 10456 Fax ( ForgedFile.Multi.Generic ) - warning
dows\system32\DRIVERS\gagp30kx.sys
16:39:02.0757 10456 gagp30kx - ok
16:39:02.0820 10456 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:39:02.0906 10456 GEARAspiWDM - ok
16:39:02.0939 10456 [ 7E31A55776827C483B057B22D5697EFC ] gpsvc C:\Windows\System32\gpsvc.dll
16:39:02.0994 10456 Suspicious file (Forged): C:\Windows\System32\gpsvc.dll. Real md5: 7E31A55776827C483B057B22D5697EFC, Fake md5: 277BBC7E1AA1EE957F573A10ECA7EF3A
16:39:02.0996 10456 gpsvc ( ForgedFile.Multi.Generic ) - warning
16:39:02.0996 10456 gpsvc - detected ForgedFile.Multi.Generic (1)
16:39:03.0046 10456 [ E6FE1D6D33D67FD0288E02B40FC97C86 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:03.0063 10456 Suspicious file (Forged): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. Real md5: E6FE1D6D33D67FD0288E02B40FC97C86, Fake md5: F02A533F517EB38333CB12A9E8963773
16:39:03.0063 10456 gupdate ( ForgedFile.Multi.Generic ) - warning
16:39:03.0063 10456 gupdate - detected ForgedFile.Multi.Generic (1)
16:39:03.0076 10456 [ E6FE1D6D33D67FD0288E02B40FC97C86 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:39:03.0088 10456 Suspicious file (Forged): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. Real md5: E6FE1D6D33D67FD0288E02B40FC97C86, Fake md5: F02A533F517EB38333CB12A9E8963773
16:39:03.0088 10456 gupdatem ( ForgedFile.Multi.Generic ) - warning
16:39:03.0088 10456 gupdatem - detected ForgedFile.Multi.Generic (1)
16:39:03.0134 10456 [ 5F9A0013AB787BCFA38523CE57749A61 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:39:03.0222 10456 Suspicious file (Forged): C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe. Real md5: 5F9A0013AB787BCFA38523CE57749A61, Fake md5: 5D4BC124FAAE6730AC002CDB67BF1A1C
16:39:03.0222 10456 gusvc ( ForgedFile.Multi.Generic ) - warning
16:39:03.0222 10456 gusvc - detected ForgedFile.Multi.Generic (1)
16:39:03.0279 10456 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:39:03.0452 10456 hcw85cir - ok
16:39:03.0486 10456 [ F8BF7AC80F6F693FB61227358B524761 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:39:03.0523 10456 Suspicious file (Forged): C:\Windows\system32\drivers\HdAudio.sys. Real md5: F8BF7AC80F6F693FB61227358B524761, Fake md5: 975761C778E33CD22498059B91E7373A
16:39:03.0524 10456 HdAudAddService ( ForgedFile.Multi.Generic ) - warning
16:39:03.0524 10456 HdAudAddService - detected ForgedFile.Multi.Generic (1)
16:39:03.0565 10456 [ B76CD2B5E058BD7EBDF2C164DAD1351A ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:39:03.0577 10456 Suspicious file (Forged): C:\Windows\system32\drivers\HDAudBus.sys. Real md5: B76CD2B5E058BD7EBDF2C164DAD1351A, Fake md5: 97BFED39B6B79EB12CDDBFEED51F56BB
16:39:03.0577 10456 HDAudBus ( ForgedFile.Multi.Generic ) - warning
16:39:03.0577 10456 HDAudBus - detected ForgedFile.Multi.Generic (1)
16:39:03.0608 10456 [ E91AFF2610114CCAEBB90D4D991BB6B2 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:39:03.0680 10456 HECIx64 - ok
16:39:03.0708 10456 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:39:03.0838 10456 HidBatt - ok
16:39:03.0874 10456 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:39:03.0967 10456 HidBth - ok
16:39:04.0029 10456 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:39:04.0086 10456 HidIr - ok
16:39:04.0144 10456 [ AC3F07FD9A21419ADB46321291DE3DE3 ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
16:39:04.0184 10456 hidkmdf - ok
16:39:04.0228 10456 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:39:04.0415 10456 hidserv - ok
16:39:04.0474 10456 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:39:04.0546 10456 HidUsb - ok
16:39:04.0610 10456 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:39:04.0812 10456 hkmsvc - ok
16:39:04.0873 10456 [ 8B559828B6A296145C2C31C58D19C600 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:39:04.0932 10456 Suspicious file (Forged): C:\Windows\system32\ListSvc.dll. Real md5: 8B559828B6A296145C2C31C58D19C600, Fake md5: EFDFB3DD38A4376F93E7985173813ABD
16:39:04.0933 10456 HomeGroupListener ( ForgedFile.Multi.Generic ) - warning
16:39:04.0933 10456 HomeGroupListener - detected ForgedFile.Multi.Generic (1)
16:39:04.0961 10456 [ 918736048677CDEC5B9BE220905FB89D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:39:04.0981 10456 Suspicious file (Forged): C:\Windows\system32\provsvc.dll. Real md5: 918736048677CDEC5B9BE220905FB89D, Fake md5: 908ACB1F594274965A53926B10C81E89
16:39:04.0982 10456 HomeGroupProvider ( ForgedFile.Multi.Generic ) - warning
16:39:04.0982 10456 HomeGroupProvider - detected ForgedFile.Multi.Generic (1)
16:39:05.0015 10456 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:39:05.0057 10456 HpSAMD - ok
16:39:05.0106 10456 [ C5FA6E35D7309D231A2CCF00E2785DF2 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:39:05.0127 10456 Suspicious file (Forged): C:\Windows\system32\drivers\HTTP.sys. Real md5: C5FA6E35D7309D231A2CCF00E2785DF2, Fake md5: 0EA7DE1ACB728DD5A369FD742D6EEE28
16:39:05.0129 10456 HTTP ( ForgedFile.Multi.Generic ) - warning
16:39:05.0129 10456 HTTP - detected ForgedFile.Multi.Generic (1)
16:39:05.0174 10456 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:39:05.0201 10456 hwpolicy - ok
16:39:05.0244 10456 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:39:05.0338 10456 i8042prt - ok
16:39:05.0358 10456 [ CF2A71080A02FDB14CC54E7ECF380877 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:39:05.0420 10456 Suspicious file (Forged): C:\Windows\system32\drivers\iaStorV.sys. Real md5: CF2A71080A02FDB14CC54E7ECF380877, Fake md5: AAAF44DB3BD0B9D1FB6969B23ECC8366
16:39:05.0421 10456 iaStorV ( ForgedFile.Multi.Generic ) - warning
16:39:05.0421 10456 iaStorV - detected ForgedFile.Multi.Generic (1)
16:39:05.0473 10456 [ 7C9915F74F4938AFDA8AEECB55D2CEF8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:39:05.0539 10456 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 7C9915F74F4938AFDA8AEECB55D2CEF8, Fake md5: 5988FC40F8DB5B0739CD1E3A5D0D78BD
16:39:05.0541 10456 idsvc ( ForgedFile.Multi.Generic ) - warning
16:39:05.0541 10456 idsvc - detected ForgedFile.Multi.Generic (1)
16:39:05.0580 10456 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:39:05.0607 10456 iirsp - ok
16:39:05.0657 10456 [ C537780F4E20DC2035D308F3487174D9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:39:05.0706 10456 Suspicious file (Forged): C:\Windows\System32\ikeext.dll. Real md5: C537780F4E20DC2035D308F3487174D9, Fake md5: FCD84C381E0140AF901E58D48882D26B
16:39:05.0708 10456 IKEEXT ( ForgedFile.Multi.Generic ) - warning
16:39:05.0709 10456 IKEEXT - detected ForgedFile.Multi.Generic (1)
16:39:05.0778 10456 [ 2C5C11C2364955FA7F07B6920E1A66B3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:39:05.0962 10456 Suspicious file (Forged): C:\Windows\system32\drivers\RTKVHD64.sys. Real md5: 2C5C11C2364955FA7F07B6920E1A66B3, Fake md5: B16FC828CE7A76A8F1CE682E6EAD2627
16:39:05.0968 10456 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
16:39:05.0968 10456 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
16:39:06.0010 10456 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:39:06.0040 10456 intelide - ok
16:39:06.0073 10456 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:39:06.0130 10456 intelppm - ok
16:39:06.0158 10456 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:39:06.0303 10456 IPBusEnum - ok
16:39:06.0381 10456 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:39:06.0759 10456 IpFilterDriver - ok
16:39:06.0835 10456 [ 9D11046130DC3A861A5143631BC5BBDD ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:39:06.0867 10456 Suspicious file (Forged): C:\Windows\System32\iphlpsvc.dll. Real md5: 9D11046130DC3A861A5143631BC5BBDD, Fake md5: 08C2957BB30058E663720C5606885653
16:39:06.0869 10456 iphlpsvc ( ForgedFile.Multi.Generic ) - warning
16:39:06.0869 10456 iphlpsvc - detected ForgedFile.Multi.Generic (1)
16:39:06.0902 10456 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:39:07.0011 10456 IPMIDRV - ok
16:39:07.0036 10456 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:39:07.0204 10456 IPNAT - ok
16:39:07.0262 10456 [ CFDD4A8C76A0848EB3A97793ACC3BF09 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:39:07.0305 10456 Suspicious file (Forged): C:\Program Files\iPod\bin\iPodService.exe. Real md5: CFDD4A8C76A0848EB3A97793ACC3BF09, Fake md5: 4EFFC8FF6D349E971E94B1C670C0C66A
16:39:07.0308 10456 iPod Service ( ForgedFile.Multi.Generic ) - warning
16:39:07.0308 10456 iPod Service - detected ForgedFile.Multi.Generic (1)
16:39:07.0351 10456 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:39:07.0504 10456 IRENUM - ok
16:39:07.0550 10456 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:39:07.0587 10456 isapnp - ok
16:39:07.0621 10456 [ 143ED63F0DA9D94E78099906D37FBA62 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:39:07.0670 10456 Suspicious file (Forged): C:\Windows\system32\drivers\msiscsi.sys. Real md5: 143ED63F0DA9D94E78099906D37FBA62, Fake md5: D931D7309DEB2317035B07C9F9E6B0BD
16:39:07.0670 10456 iScsiPrt ( ForgedFile.Multi.Generic ) - warning
dows\system32\DRIVERS\lsi_sas.sys
16:39:09.0546 10456 LSI_SAS - ok
16:39:09.0568 10456 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:39:09.0586 10456 LSI_SAS2 - ok
16:39:09.0611 10456 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:39:09.0654 10456 LSI_SCSI - ok
16:39:09.0701 10456 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:39:09.0867 10456 luafv - ok
16:39:09.0940 10456 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:39:10.0069 10456 Mcx2Svc - ok
16:39:10.0106 10456 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:39:10.0140 10456 megasas - ok
16:39:10.0146 10456 [ A2BD129C8B7E87EA4DA821D729F177BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:39:10.0197 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\MegaSR.sys. Real md5: A2BD129C8B7E87EA4DA821D729F177BB, Fake md5: BAF74CE0072480C3B6B7C13B2A94D6B3
16:39:10.0197 10456 MegaSR ( ForgedFile.Multi.Generic ) - warning
16:39:10.0198 10456 MegaSR - detected ForgedFile.Multi.Generic (1)
16:39:10.0255 10456 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:39:10.0387 10456 MMCSS - ok
16:39:10.0449 10456 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:39:10.0619 10456 Modem - ok
16:39:10.0668 10456 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:39:10.0811 10456 monitor - ok
16:39:10.0856 10456 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:39:10.0906 10456 mouclass - ok
16:39:10.0951 10456 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:39:11.0079 10456 mouhid - ok
16:39:11.0124 10456 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:39:11.0136 10456 mountmgr - ok
16:39:11.0231 10456 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:39:11.0281 10456 MozillaMaintenance - ok
16:39:11.0327 10456 [ EEA6C7E32D7FA992B5E9C5C84643A57E ] mpio C:\Windows\system32\drivers\mpio.sys
16:39:11.0375 10456 Suspicious file (Forged): C:\Windows\system32\drivers\mpio.sys. Real md5: EEA6C7E32D7FA992B5E9C5C84643A57E, Fake md5: A44B420D30BD56E145D6A2BC8768EC58
16:39:11.0375 10456 mpio ( ForgedFile.Multi.Generic ) - warning
16:39:11.0375 10456 mpio - detected ForgedFile.Multi.Generic (1)
16:39:11.0418 10456 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:39:11.0596 10456 mpsdrv - ok
16:39:11.0614 10456 [ 6EC25B77CCC50CFA1F762C0EF9285635 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:39:11.0738 10456 Suspicious file (Forged): C:\Windows\system32\mpssvc.dll. Real md5: 6EC25B77CCC50CFA1F762C0EF9285635, Fake md5: 54FFC9C8898113ACE189D4AA7199D2C1
3177B08
16:39:12.0919 10456 MSiSCSI ( ForgedFile.Multi.Generic ) - warning
16:39:12.0919 10456 MSiSCSI - detected ForgedFile.Multi.Generic (1)
16:39:12.0923 10456 msiserver - ok
16:39:12.0970 10456 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:39:13.0149 10456 MSKSSRV - ok
16:39:13.0214 10456 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:39:13.0371 10456 MSPCLOCK - ok
16:39:13.0424 10456 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:39:13.0597 10456 MSPQM - ok
16:39:13.0649 10456 [ 8137DA33C5BC9A8969959FF84CB8CC45 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:39:13.0677 10456 Suspicious file (Forged): C:\Windows\system32\drivers\MsRPC.sys. Real md5: 8137DA33C5BC9A8969959FF84CB8CC45, Fake md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D
16:39:13.0678 10456 MsRPC ( ForgedFile.Multi.Generic ) - warning
16:39:13.0678 10456 MsRPC - detected ForgedFile.Multi.Generic (1)
16:39:13.0724 10456 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:39:13.0740 10456 mssmbios - ok
16:39:13.0808 10456 MSSQL$MSSMLBIZ - ok
16:39:13.0839 10456 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:39:13.0885 10456 MSSQLServerADHelper - ok
16:39:13.0934 10456 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:39:14.0112 10456 MSTEE - ok
16:39:14.0178 10456 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:39:14.0296 10456 MTConfig - ok
16:39:14.0341 10456 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:39:14.0384 10456 Mup - ok
16:39:14.0420 10456 [ B07B990A533EBEC7C943EAFD5B9D237D ] napagent C:\Windows\system32\qagentRT.dll
16:39:14.0447 10456 Suspicious file (Forged): C:\Windows\system32\qagentRT.dll. Real md5: B07B990A533EBEC7C943EAFD5B9D237D, Fake md5: 582AC6D9873E31DFA28A4547270862DD
16:39:14.0448 10456 napagent ( ForgedFile.Multi.Generic ) - warning
16:39:14.0448 10456 napagent - detected ForgedFile.Multi.Generic (1)
16:39:14.0466 10456 [ E0D96589868533C98B2DBBD4E15B2A2A ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:39:14.0508 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nwifi.sys. Real md5: E0D96589868533C98B2DBBD4E15B2A2A, Fake md5: 1EA3749C4114DB3E3161156FFFFA6B33
16:39:14.0509 10456 NativeWifiP ( ForgedFile.Multi.Generic ) - warning
16:39:14.0509 10456 NativeWifiP - detected ForgedFile.Multi.Generic (1)
16:39:14.0535 10456 [ AA6CF591DBBAD99F0FBD222BC233516D ] NDIS C:\Windows\system32\drivers\ndis.sys
16:39:14.0558 10456 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: AA6CF591DBBAD99F0FBD222BC233516D, Fake md5: 760E38053BF56E501D562B70AD796B88
16:39:14.0561 10456 NDIS ( ForgedFile.Multi.Generic ) - warning
16:39:14.0562 10456 NDIS - detected ForgedFile.Multi.Generic (1)
16:39:14.0580 10456 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:39:14.0770 10456 NdisCap - ok
dows\system32\DRIVERS\SiSRaid2.sys
16:39:29.0815 10456 SiSRaid2 - ok
16:39:29.0848 10456 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:39:29.0890 10456 SiSRaid4 - ok
16:39:29.0931 10456 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:39:30.0313 10456 Smb - ok
16:39:30.0396 10456 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:39:30.0519 10456 SNMPTRAP - ok
16:39:30.0594 10456 [ 1C0076D76B8967F178E66BA1E8C57A54 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
16:39:30.0666 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe. Real md5: 1C0076D76B8967F178E66BA1E8C57A54, Fake md5: 98886C88A1CB13D61672AE2C638B7E1C
16:39:30.0666 10456 SOHCImp ( ForgedFile.Multi.Generic ) - warning
16:39:30.0666 10456 SOHCImp - detected ForgedFile.Multi.Generic (1)
16:39:30.0689 10456 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
16:39:30.0704 10456 SOHDBSvr - ok
16:39:30.0720 10456 [ 4C46F4DFAFCE21820FF98978BF135530 ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
16:39:30.0776 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe. Real md5: 4C46F4DFAFCE21820FF98978BF135530, Fake md5: 556681BE668D71DC162391A45422B52C
16:39:30.0777 10456 SOHDms ( ForgedFile.Multi.Generic ) - warning
16:39:30.0777 10456 SOHDms - detected ForgedFile.Multi.Generic (1)
16:39:30.0798 10456 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
16:39:30.0822 10456 SOHDs - ok
16:39:30.0839 10456 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
16:39:30.0889 10456 SOHPlMgr - ok
16:39:30.0932 10456 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:39:30.0977 10456 spldr - ok
16:39:30.0995 10456 [ F9F18AB6CD212C1FD2B7CF9049D476A1 ] Spooler C:\Windows\System32\spoolsv.exe
16:39:31.0054 10456 Suspicious file (Forged): C:\Windows\System32\spoolsv.exe. Real md5: F9F18AB6CD212C1FD2B7CF9049D476A1, Fake md5: 85DAA09A98C9286D4EA2BA8D0E644377
16:39:31.0056 10456 Spooler ( ForgedFile.Multi.Generic ) - warning
16:39:31.0056 10456 Spooler - detected ForgedFile.Multi.Generic (1)
16:39:31.0092 10456 [ 1030D0C9B2A5C7E26FAD2B5DA09A3F2C ] sppsvc C:\Windows\system32\sppsvc.exe
16:39:31.0259 10456 Suspicious file (Forged): C:\Windows\system32\sppsvc.exe. Real md5: 1030D0C9B2A5C7E26FAD2B5DA09A3F2C, Fake md5: E17E0188BB90FAE42D83E98707EFA59C
16:39:31.0269 10456 sppsvc ( ForgedFile.Multi.Generic ) - warning
16:39:31.0269 10456 sppsvc - detected ForgedFile.Multi.Generic (1)
16:39:31.0318 10456 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:39:31.0424 10456 sppuinotify - ok
16:39:31.0459 10456 [ 0E4F0E65B32CB4132B39A439951342A3 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:39:31.0499 10456 Suspicious file (Forged): c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe. Real md5: 0E4F0E65B32CB4132B39A439951342A3, Fake md5: 86EBD8B1F23E743AAD21F4D5B4D40985
16:39:31.0500 10456 SQLBrowser ( ForgedFile.Multi.Generic ) - warning
dows\System32\swprv.dll
16:39:32.0422 10456 Suspicious file (Forged): C:\Windows\System32\swprv.dll. Real md5: 59071590099D21DD439896592338BF95, Fake md5: E08E46FDD841B7184194011CA1955A0B
16:39:32.0423 10456 swprv ( ForgedFile.Multi.Generic ) - warning
16:39:32.0423 10456 swprv - detected ForgedFile.Multi.Generic (1)
16:39:32.0470 10456 [ 411258D8A39220B4817EB2F55C4D8FEE ] SysMain C:\Windows\system32\sysmain.dll
16:39:32.0595 10456 Suspicious file (Forged): C:\Windows\system32\sysmain.dll. Real md5: 411258D8A39220B4817EB2F55C4D8FEE, Fake md5: BF9CCC0BF39B418C8D0AE8B05CF95B7D
16:39:32.0614 10456 SysMain ( ForgedFile.Multi.Generic ) - warning
16:39:32.0614 10456 SysMain - detected ForgedFile.Multi.Generic (1)
16:39:32.0684 10456 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:39:32.0819 10456 TabletInputService - ok
16:39:32.0866 10456 [ 3A05225B4172D0FA20107BD503A84681 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:39:32.0916 10456 Suspicious file (Forged): C:\Windows\System32\tapisrv.dll. Real md5: 3A05225B4172D0FA20107BD503A84681, Fake md5: 40F0849F65D13EE87B9A9AE3C1DD6823
16:39:32.0917 10456 TapiSrv ( ForgedFile.Multi.Generic ) - warning
16:39:32.0917 10456 TapiSrv - detected ForgedFile.Multi.Generic (1)
16:39:32.0953 10456 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:39:33.0089 10456 TBS - ok
16:39:33.0146 10456 [ C7CE09C1A058F0654866D19049232316 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:39:33.0249 10456 Suspicious file (Forged): C:\Windows\system32\drivers\tcpip.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764A29C34A22899
16:39:33.0255 10456 Tcpip ( ForgedFile.Multi.Generic ) - warning
16:39:33.0255 10456 Tcpip - detected ForgedFile.Multi.Generic (1)
16:39:33.0281 10456 [ C7CE09C1A058F0654866D19049232316 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:39:33.0298 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tcpip.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764A29C34A22899
16:39:33.0303 10456 TCPIP6 ( ForgedFile.Multi.Generic ) - warning
16:39:33.0304 10456 TCPIP6 - detected ForgedFile.Multi.Generic (1)
16:39:33.0336 10456 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:39:33.0443 10456 tcpipreg - ok
16:39:33.0480 10456 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:39:33.0576 10456 TDPIPE - ok
16:39:33.0586 10456 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:39:33.0633 10456 TDTCP - ok
16:39:33.0667 10456 [ 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:39:33.0689 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.sys. Real md5: 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A, Fake md5: DDAD5A7AB24D8B65F8D724F5C20FD806
16:39:33.0689 10456 tdx ( ForgedFile.Multi.Generic ) - warning
16:39:33.0689 10456 tdx - detected ForgedFile.Multi.Generic (1)
16:39:33.0720 10456 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:39:33.0749 10456 TermDD - ok
16:39:33.0781 10456 [ 08D4C02950BB5DAD4FC126E2AF2AA66F ] TermService C:\Windows\System32\termsrv.dll
16:39:33.0845 10456 Suspicious file (Forged): C:\Windows\System32\termsrv.dll. Real md5: 08D4C02950BB5DAD4FC126E2AF2AA66F, Fake md5: 2E648163254233755035B46DD7B89123
16:39:33.0847 10456 TermService ( ForgedFile.Multi.Generic ) - warning
16:39:33.0847 10456 TermService - detected ForgedFile.Multi.Generic (1)
16:39:33.0894 10456 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:39:34.0063 10456 Themes - ok
16:39:34.0129 10456 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:39:34.0229 10456 THREADORDER - ok
16:39:34.0293 10456 [ 075F78AFFB479E0089DC0877EDFCF141 ] TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
16:39:34.0344 10456 Suspicious file (Forged): C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys. Real md5: 075F78AFFB479E0089DC0877EDFCF141, Fake md5: 7473EE150FF40460166470B59A765091
16:39:34.0345 10456 TmFilter ( ForgedFile.Multi.Generic ) - warning
16:39:34.0345 10456 TmFilter - detected ForgedFile.Multi.Generic (1)
16:39:34.0412 10456 [ 44469AB6C1D3DAD5A1DD9E337464E67F ] tmlisten C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
16:39:34.0472 10456 Suspicious file (Forged): C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe. Real md5: 44469AB6C1D3DAD5A1DD9E337464E67F, Fake md5: 72FD200F1B49E83969D252E5EFF6B6D1
16:39:34.0478 10456 tmlisten ( ForgedFile.Multi.Generic ) - warning
16:39:34.0478 10456 tmlisten - detected ForgedFile.Multi.Generic (1)
16:39:34.0512 10456 [ 5E56A8E5436AB08C637C457A88524E87 ] TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
16:39:34.0537 10456 TmPreFilter - ok
16:39:34.0563 10456 [ F3FF1337A57E252C40E9EDABC4F1BB33 ] TmProxy
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
16:39:34.0673 10456 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\TmProxy.exe. Real md5: F3FF1337A57E252C40E9EDABC4F1BB33, Fak
e md5: B55961FC9C78290F89538B4F932525B4
16:39:34.0688 10456 TmProxy ( ForgedFile.Multi.Generic ) - warning
16:39:34.0688 10456 TmProxy - detected ForgedFile.Multi.Generic (1)
16:39:34.0734 10456 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi
C:\Win
dows\system32\DRIVERS\tmtdi.sys
16:39:34.0830 10456 tmtdi - ok
16:39:34.0858 10456 [ 72434F76A48A4CAA82E9674DDB8229FC ] TrkWks
C:\Win
dows\System32\trkwks.dll
16:39:34.0895 10456 Suspicious file (Forged): C:\Windows\System32\trkwks.dll. R
eal md5: 72434F76A48A4CAA82E9674DDB8229FC, Fake md5: 7E7AFD841694F6AC397E99D75CE
AD49D
16:39:34.0896 10456 TrkWks ( ForgedFile.Multi.Generic ) - warning
16:39:34.0896 10456 TrkWks - detected ForgedFile.Multi.Generic (1)
16:39:34.0935 10456 [ 1823AD3A8B64356EEA654470565A0791 ] TrustedInstaller C:\Wi
ndows\servicing\TrustedInstaller.exe
16:39:34.0995 10456 Suspicious file (Forged): C:\Windows\servicing\TrustedInsta
ller.exe. Real md5: 1823AD3A8B64356EEA654470565A0791, Fake md5: 773212B2AAA24C1E
31F10246B15B276C
16:39:34.0996 10456 TrustedInstaller ( ForgedFile.Multi.Generic ) - warning
16:39:34.0996 10456 TrustedInstaller - detected ForgedFile.Multi.Generic (1)
16:39:35.0028 10456 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv
C:\Win
dows\system32\DRIVERS\tssecsrv.sys
16:39:35.0212 10456 tssecsrv - ok
16:39:35.0298 10456 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt
C:\Win
dows\system32\drivers\tsusbflt.sys
16:39:35.0430 10456 TsUsbFlt - ok
16:39:35.0459 10456 [ D99804343B53D8D25A5B97FC8266BDF3 ] tunnel
C:\Win
dows\system32\DRIVERS\tunnel.sys
16:39:35.0472 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tunne
l.sys. Real md5: D99804343B53D8D25A5B97FC8266BDF3, Fake md5: 3566A8DAAFA27AF944F
5D705EAA64894
16:39:35.0472 10456 tunnel ( ForgedFile.Multi.Generic ) - warning
16:39:35.0472 10456 tunnel - detected ForgedFile.Multi.Generic (1)
16:39:35.0506 10456 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35
C:\Win
dows\system32\DRIVERS\uagp35.sys
16:39:35.0531 10456 uagp35 - ok
16:39:35.0591 10456 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor
C:\Pro
gram Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
16:39:35.0657 10456 uCamMonitor - ok
16:39:35.0687 10456 [ BF738E1E02E9B04AF982F237D486512A ] udfs
C:\Win
dows\system32\DRIVERS\udfs.sys
16:39:35.0738 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\udfs.
sys. Real md5: BF738E1E02E9B04AF982F237D486512A, Fake md5: FF4232A1A64012BAA1FD9
7C7B67DF593
16:39:35.0739 10456 udfs ( ForgedFile.Multi.Generic ) - warning
16:39:35.0739 10456 udfs - detected ForgedFile.Multi.Generic (1)
16:39:35.0791 10456 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect
C:\Win
dows\system32\UI0Detect.exe
16:39:35.0860 10456 UI0Detect - ok
16:39:35.0891 10456 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx
C:\Win
dows\system32\drivers\uliagpkx.sys
16:39:35.0927 10456 uliagpkx - ok
16:39:35.0977 10456 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus
C:\Win
dows\system32\drivers\umbus.sys
16:39:36.0110 10456 umbus - ok
16:39:36.0155 10456 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass
C:\Win
dows\system32\DRIVERS\umpass.sys
16:39:36.0238 10456 UmPass - ok
16:39:36.0259 10456 [ 015FD40C79EACFEA2A26BF80C3280749 ] upnphost
C:\Win
dows\System32\upnphost.dll
16:39:36.0302 10456 Suspicious file (Forged): C:\Windows\System32\upnphost.dll.
Real md5: 015FD40C79EACFEA2A26BF80C3280749, Fake md5: D47EC6A8E81633DD18D2436B1
9BAF6DE
16:39:36.0303 10456 upnphost ( ForgedFile.Multi.Generic ) - warning
16:39:36.0303 10456 upnphost - detected ForgedFile.Multi.Generic (1)
16:39:36.0343 10456 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64
C:\Win
dows\system32\Drivers\usbaapl64.sys
16:39:36.0459 10456 USBAAPL64 - ok
16:39:36.0489 10456 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio
C:\Win
dows\system32\drivers\usbaudio.sys
16:39:36.0549 10456 usbaudio - ok
16:39:36.0589 10456 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp
C:\Win
dows\system32\DRIVERS\usbccgp.sys
16:39:36.0695 10456 usbccgp - ok
16:39:36.0749 10456 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir
C:\Win
dows\system32\drivers\usbcir.sys
16:39:36.0866 10456 usbcir - ok
16:39:36.0909 10456 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci
C:\Win
dows\system32\DRIVERS\usbehci.sys
16:39:36.0977 10456 usbehci - ok
16:39:37.0004 10456 [ 3C75F8040BD7DE4A57BF2187C8AD9F4D ] usbhub
C:\Win
dows\system32\DRIVERS\usbhub.sys
16:39:37.0043 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\usbhu
b.sys. Real md5: 3C75F8040BD7DE4A57BF2187C8AD9F4D, Fake md5: 287C6C9410B111B68B5
2CA298F7B8C24
16:39:37.0044 10456 usbhub ( ForgedFile.Multi.Generic ) - warning
16:39:37.0044 10456 usbhub - detected ForgedFile.Multi.Generic (1)
dows\system32\DRIVERS\adpahci.sys
16:40:52.0911 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\adpahci.sys. Real md5: B0FF150AB317F7BB56EFD37F5AF5F6A0, Fake md5: 597F78224EE9224EA1A13D6350CED962
16:40:52.0911 10700 adpahci ( ForgedFile.Multi.Generic ) - warning
16:40:52.0911 10700 adpahci - detected ForgedFile.Multi.Generic (1)
16:40:52.0919 10700 [ 1C42EEAE0241B6945805E719739A7A69 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:40:52.0934 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\adpu320.sys. Real md5: 1C42EEAE0241B6945805E719739A7A69, Fake md5: E109549C90F62FB570B9540C4B148E54
16:40:52.0934 10700 adpu320 ( ForgedFile.Multi.Generic ) - warning
16:40:52.0934 10700 adpu320 - detected ForgedFile.Multi.Generic (1)
16:40:52.0962 10700 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:40:52.0964 10700 AeLookupSvc - ok
16:40:52.0981 10700 [ 2EF70BAABAB756361309C358D012FA74 ] AFD C:\Windows\system32\drivers\afd.sys
16:40:53.0040 10700 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 2EF70BAABAB756361309C358D012FA74, Fake md5: 1C7857B62DE5994A75B054A9FD4C3825
16:40:53.0041 10700 AFD ( ForgedFile.Multi.Generic ) - warning
16:40:53.0041 10700 AFD - detected ForgedFile.Multi.Generic (1)
16:40:53.0070 10700 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:40:53.0072 10700 agp440 - ok
16:40:53.0090 10700 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:40:53.0091 10700 ALG - ok
16:40:53.0121 10700 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:40:53.0122 10700 aliide - ok
16:40:53.0128 10700 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:40:53.0129 10700 amdide - ok
16:40:53.0155 10700 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:40:53.0156 10700 AmdK8 - ok
16:40:53.0173 10700 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:40:53.0174 10700 AmdPPM - ok
16:40:53.0207 10700 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:40:53.0209 10700 amdsata - ok
16:40:53.0224 10700 [ EB7A232A20D3EE8115F5CE881C6316C4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:40:53.0240 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\amdsbs.sys. Real md5: EB7A232A20D3EE8115F5CE881C6316C4, Fake md5: F67F933E79241ED32FF46A4F29B5120B
16:40:53.0241 10700 amdsbs ( ForgedFile.Multi.Generic ) - warning
16:40:53.0241 10700 amdsbs - detected ForgedFile.Multi.Generic (1)
16:40:53.0260 10700 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:40:53.0261 10700 amdxata - ok
16:40:53.0305 10700 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:40:53.0307 10700 AppID - ok
16:40:53.0328 10700 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:40:53.0330 10700 AppIDSvc - ok
dows\system32\drivers\fltmgr.sys
16:40:56.0810 10700 Suspicious file (Forged): C:\Windows\system32\drivers\fltmgr.sys. Real md5: B85308A9694F3BF948499DEE870D47F7, Fake md5: DA6B67270FD9DB3697B20FCE94950741
16:40:56.0811 10700 FltMgr ( ForgedFile.Multi.Generic ) - warning
16:40:56.0811 10700 FltMgr - detected ForgedFile.Multi.Generic (1)
16:40:56.0837 10700 [ CF83178C3B5A40F892BAF8C4E1CA8C7F ] FontCache C:\Windows\system32\FntCache.dll
16:40:56.0860 10700 Suspicious file (Forged): C:\Windows\system32\FntCache.dll. Real md5: CF83178C3B5A40F892BAF8C4E1CA8C7F, Fake md5: C4C183E6551084039EC862DA1C945E3D
16:40:56.0864 10700 FontCache ( ForgedFile.Multi.Generic ) - warning
16:40:56.0864 10700 FontCache - detected ForgedFile.Multi.Generic (1)
16:40:56.0911 10700 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:40:56.0924 10700 FontCache3.0.0.0 - ok
16:40:56.0949 10700 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:40:56.0950 10700 FsDepends - ok
16:40:56.0978 10700 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:40:56.0979 10700 Fs_Rec - ok
16:40:56.0992 10700 [ 8A3254F809D1551A0C900A176B02E1CF ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:40:57.0008 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\fvevol.sys. Real md5: 8A3254F809D1551A0C900A176B02E1CF, Fake md5: 8F6322049018354F45F05A2FD2D4E5E0
16:40:57.0009 10700 fvevol ( ForgedFile.Multi.Generic ) - warning
16:40:57.0009 10700 fvevol - detected ForgedFile.Multi.Generic (1)
16:40:57.0032 10700 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:40:57.0034 10700 gagp30kx - ok
16:40:57.0090 10700 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:40:57.0132 10700 GEARAspiWDM - ok
16:40:57.0152 10700 [ 7E31A55776827C483B057B22D5697EFC ] gpsvc C:\Windows\System32\gpsvc.dll
16:40:57.0181 10700 Suspicious file (Forged): C:\Windows\System32\gpsvc.dll. Real md5: 7E31A55776827C483B057B22D5697EFC, Fake md5: 277BBC7E1AA1EE957F573A10ECA7EF3A
16:40:57.0183 10700 gpsvc ( ForgedFile.Multi.Generic ) - warning
16:40:57.0183 10700 gpsvc - detected ForgedFile.Multi.Generic (1)
16:40:57.0217 10700 [ E6FE1D6D33D67FD0288E02B40FC97C86 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:40:57.0234 10700 Suspicious file (Forged): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. Real md5: E6FE1D6D33D67FD0288E02B40FC97C86, Fake md5: F02A533F517EB38333CB12A9E8963773
16:40:57.0234 10700 gupdate ( ForgedFile.Multi.Generic ) - warning
16:40:57.0234 10700 gupdate - detected ForgedFile.Multi.Generic (1)
16:40:57.0247 10700 [ E6FE1D6D33D67FD0288E02B40FC97C86 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:40:57.0248 10700 Suspicious file (Forged): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. Real md5: E6FE1D6D33D67FD0288E02B40FC97C86, Fake md5: F02A533F517EB38333CB12A9E8963773
16:40:57.0249 10700 gupdatem ( ForgedFile.Multi.Generic ) - warning
16:40:57.0249 10700 gupdatem - detected ForgedFile.Multi.Generic (1)
16:40:57.0264 10700 [ 5F9A0013AB787BCFA38523CE57749A61 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:40:57.0322 10700 Suspicious file (Forged): C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe. Real md5: 5F9A0013AB787BCFA38523CE5
87A8C9C
16:40:58.0813 10700 KtmRm ( ForgedFile.Multi.Generic ) - warning
16:40:58.0813 10700 KtmRm - detected ForgedFile.Multi.Generic (1)
16:40:58.0852 10700 [ 4BD20FA0B73B61D8415C27807475929B ] LanmanServer C:\Windows\system32\srvsvc.dll
16:40:58.0868 10700 Suspicious file (Forged): C:\Windows\system32\srvsvc.dll. Real md5: 4BD20FA0B73B61D8415C27807475929B, Fake md5: D9F42719019740BAA6D1C6D536CBDAA6
16:40:58.0869 10700 LanmanServer ( ForgedFile.Multi.Generic ) - warning
16:40:58.0869 10700 LanmanServer - detected ForgedFile.Multi.Generic (1)
16:40:58.0903 10700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:40:58.0907 10700 LanmanWorkstation - ok
16:40:58.0941 10700 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:40:58.0943 10700 lltdio - ok
16:40:58.0960 10700 [ 6D532F61A64CCFCDA3EE9616674E7C3B ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:40:58.0977 10700 Suspicious file (Forged): C:\Windows\System32\lltdsvc.dll. Real md5: 6D532F61A64CCFCDA3EE9616674E7C3B, Fake md5: C1185803384AB3FEED115F79F109427F
16:40:58.0977 10700 lltdsvc ( ForgedFile.Multi.Generic ) - warning
16:40:58.0977 10700 lltdsvc - detected ForgedFile.Multi.Generic (1)
16:40:58.0993 10700 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:40:58.0994 10700 lmhosts - ok
16:40:59.0028 10700 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:40:59.0030 10700 LSI_FC - ok
16:40:59.0045 10700 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:40:59.0047 10700 LSI_SAS - ok
16:40:59.0065 10700 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:40:59.0067 10700 LSI_SAS2 - ok
16:40:59.0084 10700 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:40:59.0085 10700 LSI_SCSI - ok
16:40:59.0114 10700 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:40:59.0116 10700 luafv - ok
16:40:59.0162 10700 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:40:59.0164 10700 Mcx2Svc - ok
16:40:59.0178 10700 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:40:59.0179 10700 megasas - ok
16:40:59.0184 10700 [ A2BD129C8B7E87EA4DA821D729F177BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:40:59.0196 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\MegaSR.sys. Real md5: A2BD129C8B7E87EA4DA821D729F177BB, Fake md5: BAF74CE0072480C3B6B7C13B2A94D6B3
16:40:59.0196 10700 MegaSR ( ForgedFile.Multi.Generic ) - warning
16:40:59.0196 10700 MegaSR - detected ForgedFile.Multi.Generic (1)
16:40:59.0335 10700 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:40:59.0386 10700 MMCSS - ok
16:40:59.0463 10700 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:40:59.0477 10700 Modem - ok
dows\System32\netman.dll
16:41:00.0996 10700 Suspicious file (Forged): C:\Windows\System32\netman.dll. Real md5: C732877313B5D1F756829298C582E151, Fake md5: 847D3AE376C0817161A14A82C8922A9E
16:41:00.0997 10700 Netman ( ForgedFile.Multi.Generic ) - warning
16:41:00.0997 10700 Netman - detected ForgedFile.Multi.Generic (1)
16:41:01.0004 10700 [ 1E0ACBAFECBB719402A4E419F83860D6 ] netprofm C:\Windows\System32\netprofm.dll
16:41:01.0016 10700 Suspicious file (Forged): C:\Windows\System32\netprofm.dll. Real md5: 1E0ACBAFECBB719402A4E419F83860D6, Fake md5: 5F28111C648F1E24F7DBC87CDEB091B8
16:41:01.0017 10700 netprofm ( ForgedFile.Multi.Generic ) - warning
16:41:01.0017 10700 netprofm - detected ForgedFile.Multi.Generic (1)
16:41:01.0050 10700 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:41:01.0058 10700 NetTcpPortSharing - ok
16:41:01.0086 10700 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:41:01.0087 10700 nfrd960 - ok
16:41:01.0106 10700 [ 80C9F3C4C44CD6012CAACC6E829AB935 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:41:01.0117 10700 Suspicious file (Forged): C:\Windows\System32\nlasvc.dll. Real md5: 80C9F3C4C44CD6012CAACC6E829AB935, Fake md5: 8AD77806D336673F270DB31645267293
16:41:01.0118 10700 NlaSvc ( ForgedFile.Multi.Generic ) - warning
16:41:01.0118 10700 NlaSvc - detected ForgedFile.Multi.Generic (1)
16:41:01.0146 10700 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:41:01.0161 10700 Npfs - ok
16:41:01.0188 10700 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:41:01.0190 10700 nsi - ok
16:41:01.0203 10700 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:41:01.0214 10700 nsiproxy - ok
16:41:01.0251 10700 [ 500C699225885BA8B8C672339020626D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:41:01.0298 10700 Suspicious file (Forged): C:\Windows\system32\drivers\Ntfs.sys. Real md5: 500C699225885BA8B8C672339020626D, Fake md5: B98F8C6E31CD07B2E6F71F7F648E38C0
16:41:01.0302 10700 Ntfs ( ForgedFile.Multi.Generic ) - warning
16:41:01.0302 10700 Ntfs - detected ForgedFile.Multi.Generic (1)
16:41:01.0365 10700 [ A15CDAB7892593C3216CFF8B11C8BF2D ] ntrtscan C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
16:41:01.0415 10700 Suspicious file (Forged): C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe. Real md5: A15CDAB7892593C3216CFF8B11C8BF2D, Fake md5: 1B3BE4DFCC24640547DFBEC8BDD3C7C4
16:41:01.0420 10700 ntrtscan ( ForgedFile.Multi.Generic ) - warning
16:41:01.0421 10700 ntrtscan - detected ForgedFile.Multi.Generic (1)
16:41:01.0464 10700 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:41:01.0465 10700 Null - ok
16:41:01.0530 10700 [ DD3739E40B7AADE288B72643E8C1E50C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:41:01.0700 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nvlddmkm.sys. Real md5: DD3739E40B7AADE288B72643E8C1E50C, Fake md5: FF02BAE39D23BB74959F6F49BBD589D3
16:41:01.0733 10700 nvlddmkm ( ForgedFile.Multi.Generic ) - warning
16:41:01.0733 10700 nvlddmkm - detected ForgedFile.Multi.Generic (1)
dows\system32\qwave.dll
16:41:03.0151 10700 Suspicious file (Forged): C:\Windows\system32\qwave.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: 906191634E99AEA92C4816150BDA3732
16:41:03.0152 10700 QWAVE ( ForgedFile.Multi.Generic ) - warning
16:41:03.0152 10700 QWAVE - detected ForgedFile.Multi.Generic (1)
16:41:03.0170 10700 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:41:03.0172 10700 QWAVEdrv - ok
16:41:03.0183 10700 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:41:03.0184 10700 RasAcd - ok
16:41:03.0208 10700 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:41:03.0224 10700 RasAgileVpn - ok
16:41:03.0258 10700 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:41:03.0261 10700 RasAuto - ok
16:41:03.0282 10700 [ BF5D2350D0CD373BE05911DA4A7F21E3 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:41:03.0297 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rasl2tp.sys. Real md5: BF5D2350D0CD373BE05911DA4A7F21E3, Fake md5: 471815800AE33E6F1C32FB1B97C490CA
16:41:03.0297 10700 Rasl2tp ( ForgedFile.Multi.Generic ) - warning
16:41:03.0297 10700 Rasl2tp - detected ForgedFile.Multi.Generic (1)
16:41:03.0331 10700 [ E265B60A4AF7915C7064C2B7AEC8E1D2 ] RasMan C:\Windows\System32\rasmans.dll
16:41:03.0351 10700 Suspicious file (Forged): C:\Windows\System32\rasmans.dll. Real md5: E265B60A4AF7915C7064C2B7AEC8E1D2, Fake md5: EE867A0870FC9E4972BA9EAAD35651E2
16:41:03.0352 10700 RasMan ( ForgedFile.Multi.Generic ) - warning
16:41:03.0352 10700 RasMan - detected ForgedFile.Multi.Generic (1)
16:41:03.0375 10700 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:41:03.0376 10700 RasPppoe - ok
16:41:03.0389 10700 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:41:03.0391 10700 RasSstp - ok
16:41:03.0411 10700 [ 13F155753E1D4E9B6D6B1B362C9A7233 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:41:03.0427 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rdbss.sys. Real md5: 13F155753E1D4E9B6D6B1B362C9A7233, Fake md5: 77F665941019A1594D887A74F301FA2F
16:41:03.0428 10700 rdbss ( ForgedFile.Multi.Generic ) - warning
16:41:03.0428 10700 rdbss - detected ForgedFile.Multi.Generic (1)
16:41:03.0443 10700 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:41:03.0445 10700 rdpbus - ok
16:41:03.0471 10700 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:41:03.0472 10700 RDPCDD - ok
16:41:03.0484 10700 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:41:03.0485 10700 RDPENCDD - ok
16:41:03.0494 10700 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:41:03.0496 10700 RDPREFMP - ok
16:41:03.0511 10700 [ F1FBD4759044EA9A244E583F71FD94E1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:41:03.0519 10700 Suspicious file (Forged): C:\Windows\system32\drivers\RDPWD
dows\system32\drivers\sbp2port.sys
16:41:03.0968 10700 sbp2port - ok
16:41:03.0985 10700 [ 8581913F73B26304A3DAFF46D9FC2B6D ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:41:03.0995 10700 Suspicious file (Forged): C:\Windows\System32\SCardSvr.dll. Real md5: 8581913F73B26304A3DAFF46D9FC2B6D, Fake md5: 9B7395789E3791A3B6D000FE6F8B131E
16:41:03.0996 10700 SCardSvr ( ForgedFile.Multi.Generic ) - warning
16:41:03.0996 10700 SCardSvr - detected ForgedFile.Multi.Generic (1)
16:41:04.0028 10700 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:41:04.0029 10700 scfilter - ok
16:41:04.0054 10700 [ B001E8346CD336D37D45A3D614A6B54B ] Schedule C:\Windows\system32\schedsvc.dll
16:41:04.0081 10700 Suspicious file (Forged): C:\Windows\system32\schedsvc.dll. Real md5: B001E8346CD336D37D45A3D614A6B54B, Fake md5: 262F6592C3299C005FD6BEC90FC4463A
16:41:04.0084 10700 Schedule ( ForgedFile.Multi.Generic ) - warning
16:41:04.0084 10700 Schedule - detected ForgedFile.Multi.Generic (1)
16:41:04.0111 10700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:41:04.0112 10700 SCPolicySvc - ok
16:41:04.0154 10700 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
16:41:04.0156 10700 sdbus - ok
16:41:04.0185 10700 [ 718760248EFD4756E809C731ADAF347B ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:41:04.0202 10700 Suspicious file (Forged): C:\Windows\System32\SDRSVC.dll. Real md5: 718760248EFD4756E809C731ADAF347B, Fake md5: 6EA4234DC55346E0709560FE7C2C1972
16:41:04.0203 10700 SDRSVC ( ForgedFile.Multi.Generic ) - warning
16:41:04.0203 10700 SDRSVC - detected ForgedFile.Multi.Generic (1)
16:41:04.0227 10700 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:41:04.0243 10700 secdrv - ok
16:41:04.0269 10700 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:41:04.0271 10700 seclogon - ok
16:41:04.0297 10700 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:41:04.0299 10700 SENS - ok
16:41:04.0327 10700 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:41:04.0329 10700 SensrSvc - ok
16:41:04.0364 10700 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:41:04.0380 10700 Serenum - ok
16:41:04.0398 10700 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:41:04.0400 10700 Serial - ok
16:41:04.0434 10700 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:41:04.0435 10700 sermouse - ok
16:41:04.0511 10700 [ A9DAE23C8CA1BA670997267B7B382AD4 ] SessionEnv C:\Windows\system32\sessenv.dll
16:41:04.0526 10700 Suspicious file (Forged): C:\Windows\system32\sessenv.dll. Real md5: A9DAE23C8CA1BA670997267B7B382AD4, Fake md5: 0B6231BF38174A1628C4AC812CC75804
16:41:04.0527 10700 SessionEnv ( ForgedFile.Multi.Generic ) - warning
16:41:04.0527 10700 SessionEnv - detected ForgedFile.Multi.Generic (1)
dows\System32\ssdpsrv.dll
16:41:05.0500 10700 Suspicious file (Forged): C:\Windows\System32\ssdpsrv.dll. Real md5: 3FAA64A9833D04C95E49398B1B4E11AA, Fake md5: 51B52FBD583CDE8AA9BA62B8B4298F33
16:41:05.0500 10700 SSDPSRV ( ForgedFile.Multi.Generic ) - warning
16:41:05.0501 10700 SSDPSRV - detected ForgedFile.Multi.Generic (1)
16:41:05.0513 10700 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:41:05.0516 10700 SstpSvc - ok
16:41:05.0537 10700 [ A6761BA0C8FA8DE5851AF7A679112599 ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys
16:41:05.0555 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ss_bus.sys. Real md5: A6761BA0C8FA8DE5851AF7A679112599, Fake md5: D21FF3592DAEE244EE8376830A672B52
16:41:05.0556 10700 ss_bus ( ForgedFile.Multi.Generic ) - warning
16:41:05.0556 10700 ss_bus - detected ForgedFile.Multi.Generic (1)
16:41:05.0601 10700 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:41:05.0602 10700 stexstor - ok
16:41:05.0634 10700 [ 97AD8CDF092E54B27C3D0C0B2A0F0849 ] stisvc C:\Windows\System32\wiaservc.dll
16:41:05.0657 10700 Suspicious file (Forged): C:\Windows\System32\wiaservc.dll. Real md5: 97AD8CDF092E54B27C3D0C0B2A0F0849, Fake md5: 8DD52E8E6128F4B2DA92CE27402871C1
16:41:05.0658 10700 stisvc ( ForgedFile.Multi.Generic ) - warning
16:41:05.0658 10700 stisvc - detected ForgedFile.Multi.Generic (1)
16:41:05.0684 10700 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:41:05.0685 10700 swenum - ok
16:41:05.0705 10700 [ 59071590099D21DD439896592338BF95 ] swprv C:\Windows\System32\swprv.dll
16:41:05.0727 10700 Suspicious file (Forged): C:\Windows\System32\swprv.dll. Real md5: 59071590099D21DD439896592338BF95, Fake md5: E08E46FDD841B7184194011CA1955A0B
16:41:05.0729 10700 swprv ( ForgedFile.Multi.Generic ) - warning
16:41:05.0729 10700 swprv - detected ForgedFile.Multi.Generic (1)
16:41:05.0767 10700 [ 411258D8A39220B4817EB2F55C4D8FEE ] SysMain C:\Windows\system32\sysmain.dll
16:41:05.0809 10700 Suspicious file (Forged): C:\Windows\system32\sysmain.dll. Real md5: 411258D8A39220B4817EB2F55C4D8FEE, Fake md5: BF9CCC0BF39B418C8D0AE8B05CF95B7D
16:41:05.0814 10700 SysMain ( ForgedFile.Multi.Generic ) - warning
16:41:05.0814 10700 SysMain - detected ForgedFile.Multi.Generic (1)
16:41:05.0847 10700 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\
Windows\System32\TabSvc.dll
16:41:05.0850 10700 TabletInputService - ok
16:41:05.0871 10700 [ 3A05225B4172D0FA20107BD503A84681 ] TapiSrv
C:\Win
dows\System32\tapisrv.dll
16:41:05.0892 10700 Suspicious file (Forged): C:\Windows\System32\tapisrv.dll.
Real md5: 3A05225B4172D0FA20107BD503A84681, Fake md5: 40F0849F65D13EE87B9A9AE3C1
DD6823
16:41:05.0893 10700 TapiSrv ( ForgedFile.Multi.Generic ) - warning
16:41:05.0893 10700 TapiSrv - detected ForgedFile.Multi.Generic (1)
16:41:05.0933 10700 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS
C:\Win
dows\System32\tbssvc.dll
16:41:05.0935 10700 TBS - ok
16:41:05.0969 10700 [ C7CE09C1A058F0654866D19049232316 ] Tcpip
C:\Win
dows\system32\drivers\tcpip.sys
16:41:06.0020 10700 Suspicious file (Forged): C:\Windows\system32\drivers\tcpip
.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764
A29C34A22899
16:41:06.0025 10700 Tcpip ( ForgedFile.Multi.Generic ) - warning
16:41:06.0025 10700 Tcpip - detected ForgedFile.Multi.Generic (1)
16:41:06.0048 10700 [ C7CE09C1A058F0654866D19049232316 ] TCPIP6
C:\Win
dows\system32\DRIVERS\tcpip.sys
16:41:06.0086 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tcpip
.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764
A29C34A22899
16:41:06.0091 10700 TCPIP6 ( ForgedFile.Multi.Generic ) - warning
16:41:06.0091 10700 TCPIP6 - detected ForgedFile.Multi.Generic (1)
16:41:06.0133 10700 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg
C:\Win
dows\system32\drivers\tcpipreg.sys
16:41:06.0134 10700 tcpipreg - ok
16:41:06.0169 10700 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE
C:\Win
dows\system32\drivers\tdpipe.sys
16:41:06.0170 10700 TDPIPE - ok
16:41:06.0183 10700 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP
C:\Win
dows\system32\drivers\tdtcp.sys
16:41:06.0184 10700 TDTCP - ok
16:41:06.0214 10700 [ 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A ] tdx
C:\Win
dows\system32\DRIVERS\tdx.sys
16:41:06.0226 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.s
ys. Real md5: 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A, Fake md5: DDAD5A7AB24D8B65F8D724
F5C20FD806
16:41:06.0227 10700 tdx ( ForgedFile.Multi.Generic ) - warning
16:41:06.0227 10700 tdx - detected ForgedFile.Multi.Generic (1)
16:41:06.0259 10700 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD
C:\Win
dows\system32\drivers\termdd.sys
16:41:06.0260 10700 TermDD - ok
16:41:06.0273 10700 [ 08D4C02950BB5DAD4FC126E2AF2AA66F ] TermService
C:\Win
dows\System32\termsrv.dll
16:41:06.0298 10700 Suspicious file (Forged): C:\Windows\System32\termsrv.dll.
Real md5: 08D4C02950BB5DAD4FC126E2AF2AA66F, Fake md5: 2E648163254233755035B46DD7
B89123
16:41:06.0300 10700 TermService ( ForgedFile.Multi.Generic ) - warning
16:41:06.0300 10700 TermService - detected ForgedFile.Multi.Generic (1)
16:41:06.0349 10700 [ F0344071948D1A1FA732231785A0664C ] Themes
C:\Win
dows\system32\themeservice.dll
16:41:06.0370 10700 Themes - ok
16:41:06.0393 10700 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER
C:\Win
dows\system32\mmcss.dll
16:41:06.0395 10700 THREADORDER - ok
16:41:06.0431 10700 [ 075F78AFFB479E0089DC0877EDFCF141 ] TmFilter
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
16:41:06.0447 10700 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\TmXPFlt.sys. Real md5: 075F78AFFB479E0089DC0877EDFCF141, Fak
e md5: 7473EE150FF40460166470B59A765091
16:41:06.0447 10700 TmFilter ( ForgedFile.Multi.Generic ) - warning
16:41:06.0447 10700 TmFilter - detected ForgedFile.Multi.Generic (1)
16:41:06.0494 10700 [ 44469AB6C1D3DAD5A1DD9E337464E67F ] tmlisten
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
16:41:06.0543 10700 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\tmlisten.exe. Real md5: 44469AB6C1D3DAD5A1DD9E337464E67F, Fa
ke md5: 72FD200F1B49E83969D252E5EFF6B6D1
16:41:06.0550 10700 tmlisten ( ForgedFile.Multi.Generic ) - warning
16:41:06.0550 10700 tmlisten - detected ForgedFile.Multi.Generic (1)
16:41:06.0584 10700 [ 5E56A8E5436AB08C637C457A88524E87 ] TmPreFilter
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
16:41:06.0585 10700 TmPreFilter - ok
16:41:06.0595 10700 [ F3FF1337A57E252C40E9EDABC4F1BB33 ] TmProxy
C:\Pro
16:41:09.0135 10700 wcncsvc ( ForgedFile.Multi.Generic ) - warning
16:41:09.0135 10700 wcncsvc - detected ForgedFile.Multi.Generic (1)
16:41:09.0146 10700 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:41:09.0150 10700 WcsPlugInService - ok
16:41:09.0171 10700 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:41:09.0172 10700 Wd - ok
16:41:09.0201 10700 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:41:09.0202 10700 WDC_SAM - ok
16:41:09.0217 10700 [ D5490C8CA364A67AD46BC77A212ECF0E ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:41:09.0238 10700 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: D5490C8CA364A67AD46BC77A212ECF0E, Fake md5: 442783E2CB0DA19873B7A63833FF4CB4
16:41:09.0240 10700 Wdf01000 ( ForgedFile.Multi.Generic ) - warning
16:41:09.0241 10700 Wdf01000 - detected ForgedFile.Multi.Generic (1)
16:41:09.0250 10700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:41:09.0253 10700 WdiServiceHost - ok
16:41:09.0257 10700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:41:09.0259 10700 WdiSystemHost - ok
16:41:09.0287 10700 [ 10E51E4DC536BBE7CCE80D852585860E ] WebClient C:\Windows\System32\webclnt.dll
16:41:09.0301 10700 Suspicious file (Forged): C:\Windows\System32\webclnt.dll. Real md5: 10E51E4DC536BBE7CCE80D852585860E, Fake md5: 3DB6D04E1C64272F8B14EB8BC4616280
16:41:09.0301 10700 WebClient ( ForgedFile.Multi.Generic ) - warning
16:41:09.0301 10700 WebClient - detected ForgedFile.Multi.Generic (1)
16:41:09.0314 10700 [ 05E5A05F373C3DA1AE7488A7C2338D37 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:41:09.0329 10700 Suspicious file (Forged): C:\Windows\system32\wecsvc.dll. Real md5: 05E5A05F373C3DA1AE7488A7C2338D37, Fake md5: C749025A679C5103E575E3B48E092C43
16:41:09.0330 10700 Wecsvc ( ForgedFile.Multi.Generic ) - warning
16:41:09.0330 10700 Wecsvc - detected ForgedFile.Multi.Generic (1)
16:41:09.0341 10700 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:41:09.0343 10700 wercplsupport - ok
16:41:09.0356 10700 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:41:09.0359 10700 WerSvc - ok
16:41:09.0391 10700 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:41:09.0392 10700 WfpLwf - ok
16:41:09.0404 10700 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:41:09.0405 10700 WIMMount - ok
16:41:09.0440 10700 WinDefend - ok
16:41:09.0462 10700 WinHttpAutoProxySvc - ok
16:41:09.0497 10700 [ 689CB8A9930F9D6F3838F751619FA22F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:41:09.0511 10700 Suspicious file (Forged): C:\Windows\system32\wbem\WMIsvc.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: 19B07E7E8915D701225DA41CB3877306
16:41:09.0512 10700 Winmgmt ( ForgedFile.Multi.Generic ) - warning
16:41:09.0512 10700 Winmgmt - detected ForgedFile.Multi.Generic (1)
16:41:34.0574 6052 C:\Windows\System32\Drivers\Brserid.sys - copied to quarantine
16:41:34.0615 6052 Brserid ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0703 6052 C:\Windows\System32\Drivers\BTHport.sys - copied to quarantine
16:41:34.0774 6052 BTHPORT ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0829 6052 C:\Windows\system32\drivers\btwavdt.sys - copied to quarantine
16:41:34.0844 6052 btwavdt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0976 6052 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe - copied to quarantine
16:41:35.0064 6052 btwdins ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0110 6052 C:\Windows\system32\DRIVERS\cdrom.sys - copied to quarantine
16:41:35.0126 6052 cdrom ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0191 6052 C:\Windows\system32\CLFS.sys - copied to quarantine
16:41:35.0518 6052 CLFS ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0698 6052 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - copied to quarantine
16:41:35.0729 6052 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0813 6052 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - copied to quarantine
16:41:35.0829 6052 clr_optimization_v4.0.30319_64 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0875 6052 C:\Windows\system32\Drivers\cng.sys - copied to quarantine
16:41:35.0895 6052 CNG ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0944 6052 C:\Windows\system32\cryptsvc.dll - copied to quarantine
16:41:35.0960 6052 CryptSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0049 6052 C:\Windows\system32\rpcss.dll - copied to quarantine
16:41:36.0074 6052 DcomLaunch ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0149 6052 C:\Windows\System32\defragsvc.dll - copied to quarantine
16:41:36.0165 6052 defragsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0230 6052 C:\Windows\system32\dhcpcore.dll - copied to quarantine
16:41:36.0261 6052 Dhcp ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0336 6052 C:\Windows\System32\dnsrslvr.dll - copied to quarantine
16:41:36.0375 6052 Dnscache ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0417 6052 C:\Windows\System32\dot3svc.dll - copied to quarantine
16:41:36.0454 6052 dot3svc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0532 6052 C:\Windows\system32\dps.dll - copied to quarantine
16:41:36.0580 6052 DPS ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0647 6052 C:\Windows\System32\drivers\dxgkrnl.sys - copied to quarantine
16:41:36.0751 6052 DXGKrnl ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0812 6052 C:\Windows\system32\DRIVERS\e1y62x64.sys - copied to quarantine
16:41:36.0846 6052 e1yexpress ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0997 6052 C:\Windows\system32\DRIVERS\evbda.sys - copied to quarantine
16:41:37.0278 6052 ebdrv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0406 6052 C:\Windows\ehome\ehRecvr.exe - copied to quarantine
16:41:37.0472 6052 ehRecvr ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0509 6052 C:\Windows\ehome\ehsched.exe - copied to quarantine
16:41:37.0528 6052 ehSched ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0573 6052 C:\Windows\system32\DRIVERS\elxstor.sys - copied to quarantine
16:41:37.0589 6052 elxstor ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0700 6052 C:\Windows\system32\es.dll - copied to quarantine
16:41:37.0719 6052 EventSystem ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0775 6052 C:\Windows\system32\drivers\exfat.sys - copied to quarantine
16:41:37.0792 6052 exfat ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0856 6052 C:\Windows\system32\drivers\fastfat.sys - copied to quarantine
16:41:37.0896 6052 fastfat ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0007 6052 C:\Windows\system32\fxssvc.exe - copied to quarantine
16:41:38.0061 6052 Fax ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0283 6052 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
16:41:38.0345 6052 FLEXnet Licensing Service ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0420 6052 C:\Windows\system32\drivers\fltmgr.sys - copied to quarantine
16:41:38.0481 6052 FltMgr ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0581 6052 C:\Windows\system32\FntCache.dll - copied to quarantine
16:41:38.0599 6052 FontCache ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0687 6052 C:\Windows\system32\DRIVERS\fvevol.sys - copied to quarantine
16:41:38.0707 6052 fvevol ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0773 6052 C:\Windows\System32\gpsvc.dll - copied to quarantine
16:41:38.0837 6052 gpsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0983 6052 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - copied to quarantine
16:41:39.0006 6052 gupdate ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0041 6052 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - copied to quarantine
16:41:39.0074 6052 gupdatem ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0195 6052 C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe - copied to quarantine
16:41:39.0235 6052 gusvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0292 6052 C:\Windows\system32\drivers\HdAudio.sys - copied to quarantine
16:41:39.0309 6052 HdAudAddService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0362 6052 C:\Windows\system32\drivers\HDAudBus.sys - copied to quarantine
16:41:39.0409 6052 HDAudBus ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0459 6052 C:\Windows\system32\ListSvc.dll - copied to quarantine
16:41:39.0493 6052 HomeGroupListener ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0551 6052 C:\Windows\system32\provsvc.dll - copied to quarantine
16:41:39.0593 6052 HomeGroupProvider ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0659 6052 C:\Windows\system32\drivers\HTTP.sys - copied to quarantine
16:41:39.0676 6052 HTTP ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0757 6052 C:\Windows\system32\drivers\iaStorV.sys - copied to quarantine
16:41:39.0823 6052 iaStorV ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0978 6052 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe - copied to quarantine
16:41:40.0129 6052 idsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:40.0197 6052 C:\Windows\System32\ikeext.dll - copied to quarantine
16:41:40.0248 6052 IKEEXT ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:40.0378 6052 C:\Windows\system32\drivers\RTKVHD64.sys - copied to quarantine
16:41:40.0488 6052 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:40.0598 6052 C:\Windows\System32\iphlpsvc.dll - copied to quarantine
16:41:40.0836 6052 iphlpsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:40.0975 6052 C:\Program Files\iPod\bin\iPodService.exe - copied to quarantine
16:41:41.0038 6052 iPod Service ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0087 6052 C:\Windows\system32\drivers\msiscsi.sys - copied to quarantine
16:41:41.0106 6052 iScsiPrt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0188 6052 C:\Windows\system32\Drivers\ksecpkg.sys - copied to quarantine
16:41:41.0208 6052 KSecPkg ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0311 6052 C:\Windows\system32\msdtckrm.dll - copied to quarantine
16:41:41.0358 6052 KtmRm ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0404 6052 C:\Windows\system32\srvsvc.dll - copied to quarantine
16:41:41.0440 6052 LanmanServer ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0502 6052 C:\Windows\System32\lltdsvc.dll - copied to quarantine
16:41:41.0518 6052 lltdsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0558 6052 C:\Windows\system32\DRIVERS\MegaSR.sys - copied to quarantine
16:41:41.0597 6052 MegaSR ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0651 6052 C:\Windows\system32\drivers\mpio.sys - copied to quarantine
16:41:43.0848 6052 C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe - copied to quarantine
16:41:43.0867 6052 ntrtscan ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:44.0433 6052 C:\Windows\system32\DRIVERS\nvlddmkm.sys - copied to quarantine
16:41:44.0907 6052 nvlddmkm ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:44.0999 6052 C:\Windows\system32\drivers\nvraid.sys - copied to quarantine
16:41:45.0016 6052 nvraid ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0059 6052 C:\Windows\system32\drivers\nvstor.sys - copied to quarantine
16:41:45.0100 6052 nvstor ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0140 6052 C:\Windows\system32\nvvsvc.exe - copied to quarantine
16:41:45.0220 6052 nvsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0281 6052 C:\Windows\system32\drivers\nv_agp.sys - copied to quarantine
16:41:45.0299 6052 nv_agp ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0360 6052 C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE - copied to quarantine
16:41:45.0382 6052 ose ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0448 6052 C:\Windows\system32\pnrpsvc.dll - copied to quarantine
16:41:45.0492 6052 p2pimsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0551 6052 C:\Windows\system32\p2psvc.dll - copied to quarantine
16:41:45.0643 6052 p2psvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0681 6052 C:\Windows\System32\pcasvc.dll - copied to quarantine
16:41:45.0729 6052 PcaSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0765 6052 C:\Windows\system32\drivers\pci.sys - copied to quarantine
16:41:45.0913 6052 pci ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0104 6052 C:\Windows\system32\DRIVERS\pcmcia.sys - copied to quarantine
16:41:46.0135 6052 pcmcia ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0208 6052 C:\Windows\system32\drivers\peauth.sys - copied to quarantine
16:41:46.0231 6052 PEAUTH ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0325 6052 C:\Windows\system32\pla.dll - copied to quarantine
16:41:46.0362 6052 pla ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0413 6052 C:\Windows\system32\umpnpmgr.dll - copied to quarantine
16:41:46.0432 6052 PlugPlay ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0465 6052 C:\Windows\system32\pnrpsvc.dll - copied to quarantine
16:41:46.0480 6052 PNRPsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0557 6052 C:\Windows\System32\ipsecsvc.dll - copied to quarantine
16:41:46.0630 6052 PolicyAgent ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:53.0851 6052 C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe - copied to quarantine
16:41:53.0921 6052 VcmINSMgr ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:53.0992 6052 C:\Windows\System32\vds.exe - copied to quarantine
16:41:54.0073 6052 vds ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:54.0134 6052 C:\Windows\system32\drivers\vhdmp.sys - copied to quarantine
16:41:54.0172 6052 vhdmp ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:54.0230 6052 C:\Windows\system32\drivers\volmgrx.sys - copied to quarantine
16:41:54.0248 6052 volmgrx ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:54.0314 6052 C:\Windows\system32\drivers\volsnap.sys - copied to quarantine
16:41:54.0330 6052 volsnap ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:54.0431 6052 C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys - copied to quarantine
16:41:54.0475 6052 VSApiNt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:54.0596 6052 C:\Windows\system32\DRIVERS\vsmraid.sys - copied to quarantine
16:41:54.0664 6052 vsmraid ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:54.0740 6052 C:\Program Files\Sony\VAIO Smart Network\VSNService.exe - copied to quarantine
16:41:54.0804 6052 VSNService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:54.0937 6052 C:\Windows\system32\vssvc.exe - copied to quarantine
16:41:55.0045 6052 VSS ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:55.0161 6052 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe - copied to quarantine
16:41:55.0260 6052 vToolbarUpdater15.2.0 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:55.0342 6052 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe - copied to quarantine
16:41:55.0386 6052 VzCdbSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:55.0479 6052 C:\Windows\system32\w32time.dll - copied to quarantine
16:41:55.0499 6052 W32Time ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:55.0627 6052 C:\Windows\system32\Wat\WatAdminSvc.exe - copied to quarantine
16:41:55.0677 6052 WatAdminSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:55.0789 6052 C:\Windows\system32\wbengine.exe - copied to quarantine
16:41:55.0845 6052 wbengine ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:55.0926 6052 C:\Windows\System32\wbiosrvc.dll - copied to quarantine
16:41:55.0956 6052 WbioSrvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:56.0068 6052 C:\Windows\System32\wcncsvc.dll - copied to quarantine
16:41:56.0086 6052 wcncsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:56.0216 6052 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine