Today, 13/03/2023 05:18:31 Task started avp.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.9 IB-11-0322758\Iain Active user
Today, 13/03/2023 04:45:55 Task stopped avp.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.9 IB-11-0322758\Iain Active user
Today, 13/03/2023 04:43:51 Task started avp.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.9 IB-11-0322758\Iain Active user
Today, 13/03/2023 02:41:37 Task stopped avp.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.9 IB-11-0322758\Iain Active user
Yesterday, 12/03/2023 14:12:43 Object deleted Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 2780 IB-11-0322758\Iain Initiator Deleted: PDM:Trojan.Win32.Bazon.a Deleted PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 14:12:26 A backup copy of the object was created Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 2780 IB-11-0322758\Iain Initiator Backup copy created: PDM:Trojan.Win32.Bazon.a Backup copy created PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 14:12:26 Process terminated Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 2780 IB-11-0322758\Iain Initiator Terminated: PDM:Trojan.Win32.Bazon.a Terminated PDM:Trojan.Win32.Bazon.a Trojan High Exactly wscript.exe wscript.exe C:\Windows\System32 Process
Yesterday, 12/03/2023 14:12:26 Malicious object detected Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 2780 IB-11-0322758\Iain Initiator Detected: PDM:Trojan.Win32.Bazon.a Detected PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process Behavior analysis
Yesterday, 12/03/2023 14:00:21 Object deleted Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 18504 IB-11-0322758\Iain Active user Deleted: PDM:Trojan.Win32.Bazon.a Deleted PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 14:00:20 Process terminated Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 18504 IB-11-0322758\Iain Active user Terminated: PDM:Trojan.Win32.Bazon.a Terminated PDM:Trojan.Win32.Bazon.a Trojan High Exactly wscript.exe wscript.exe C:\Windows\System32 Process
Yesterday, 12/03/2023 14:00:20 Malicious object detected Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 18504 IB-11-0322758\Iain Active user Detected: PDM:Trojan.Win32.Bazon.a Detected PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process Behavior analysis
Yesterday, 12/03/2023 14:00:16 Object deleted Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 19256 IB-11-0322758\Iain Active user Deleted: PDM:Trojan.Win32.Bazon.a Deleted PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 14:00:01 A backup copy of the object was created Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 19256 IB-11-0322758\Iain Active user Backup copy created: PDM:Trojan.Win32.Bazon.a Backup copy created PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 14:00:01 Process terminated Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 19256 IB-11-0322758\Iain Active user Terminated: PDM:Trojan.Win32.Bazon.a Terminated PDM:Trojan.Win32.Bazon.a Trojan High Exactly wscript.exe wscript.exe C:\Windows\System32 Process
Yesterday, 12/03/2023 14:00:01 Malicious object detected Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 19256 IB-11-0322758\Iain Active user Detected: PDM:Trojan.Win32.Bazon.a Detected PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process Behavior analysis
Yesterday, 12/03/2023 13:48:59 Object deleted Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 9600 NT AUTHORITY\SYSTEM System user Deleted: PDM:Trojan.Win32.Bazon.a Deleted PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 13:48:44 A backup copy of the object was created Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 9600 NT AUTHORITY\SYSTEM System user Backup copy created: PDM:Trojan.Win32.Bazon.a Backup copy created PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 13:48:44 Process terminated Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 9600 NT AUTHORITY\SYSTEM System user Terminated: PDM:Trojan.Win32.Bazon.a Terminated PDM:Trojan.Win32.Bazon.a Trojan High Exactly wscript.exe wscript.exe C:\Windows\System32 Process
Yesterday, 12/03/2023 13:48:44 Malicious object detected Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 9600 NT AUTHORITY\SYSTEM System user Detected: PDM:Trojan.Win32.Bazon.a Detected PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process Behavior analysis
Yesterday, 12/03/2023 13:42:12 Object deleted Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 2012 NT AUTHORITY\SYSTEM System user Deleted: PDM:Trojan.Win32.Bazon.a Deleted PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 13:41:58 A backup copy of the object was created Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 2012 NT AUTHORITY\SYSTEM System user Backup copy created: PDM:Trojan.Win32.Bazon.a Backup copy created PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 13:41:58 Malicious object detected Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 2012 NT AUTHORITY\SYSTEM System user Detected: PDM:Trojan.Win32.Bazon.a Detected PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process Behavior analysis
Yesterday, 12/03/2023 13:30:51 Object deleted Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 21044 NT AUTHORITY\SYSTEM System user Deleted: PDM:Trojan.Win32.Bazon.a Deleted PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 13:30:21 A backup copy of the object was created Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 21044 NT AUTHORITY\SYSTEM System user Backup copy created: PDM:Trojan.Win32.Bazon.a Backup copy created PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 13:30:21 Malicious object detected Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 21044 NT AUTHORITY\SYSTEM System user Detected: PDM:Trojan.Win32.Bazon.a Detected PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process Behavior analysis
Yesterday, 12/03/2023 13:29:32 Object deleted Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 15996 NT AUTHORITY\SYSTEM System user Deleted: PDM:Trojan.Win32.Bazon.a Deleted PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 13:29:32 Malicious object detected Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 15996 NT AUTHORITY\SYSTEM System user Detected: PDM:Trojan.Win32.Bazon.a Detected PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process Behavior analysis
Yesterday, 12/03/2023 11:20:21 Object deleted Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 20708 IB-11-0322758\Iain Active user Deleted: PDM:Trojan.Win32.Bazon.a Deleted PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 11:20:01 A backup copy of the object was created Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 20708 IB-11-0322758\Iain Active user Backup copy created: PDM:Trojan.Win32.Bazon.a Backup copy created PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process
Yesterday, 12/03/2023 11:20:01 Process terminated Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 20708 IB-11-0322758\Iain Active user Terminated: PDM:Trojan.Win32.Bazon.a Terminated PDM:Trojan.Win32.Bazon.a Trojan High Exactly wscript.exe wscript.exe C:\Windows\System32 Process
Yesterday, 12/03/2023 11:20:01 Malicious object detected Microsoft ® Windows Based Script Host wscript.exe C:\Windows\System32 20708 IB-11-0322758\Iain Active user Detected: PDM:Trojan.Win32.Bazon.a Detected PDM:Trojan.Win32.Bazon.a Trojan High Exactly GetIP.vbs GetIP.vbs D:\Websites\public_html\vantage\ip Process Behavior analysis