Hmm, there's some strange activity going on over there:
==============================================================================================
id: 23538, timestamp: 15:47:01.209, type: FileExecDelete (55), flags: 1 (wait: 1)
sid: S-1-5-18, cid: 160/4076:\Device\HarddiskVolume2\Windows\System32\svchost.exe
context: start addr: 0x7fefb9bccec, image: 0x7fefb9a0000:\Device\HarddiskVolume2\Windows\System32\gpsvc.dll
delete new executable: \Device\HarddiskVolume2\Users\vv.labuz\passgen\Password generator v2.exe
id: 23538 ==> allowed [2], time: 0.073639 ms
==============================================================================================
id: 23539, timestamp: 15:47:01.310, type: FileExecWrite (53), flags: 1 (wait: 1)
sid: S-1-5-18, cid: 160/4076:\Device\HarddiskVolume2\Windows\System32\svchost.exe
context: start addr: 0x7fefb9bccec, image: 0x7fefb9a0000:\Device\HarddiskVolume2\Windows\System32\gpsvc.dll
fileinfo: size: 538624, easize: 39, attr: 0x20, buildtime: 20.06.1992 06:22:17.000, ctime: 23.10.2018 15:09:34.294, atime: 29.01.2019 15:47:01.259, mtime: 10.07.2011 16:01:04.015, descr: , ver: , company: , oname:
hash: d732f6c28815413b646817a17d8b54ba6950f101 status: unsigned, pe32 / unsigned / unknown / unknown
drop new executable: \Device\HarddiskVolume2\Users\vv.labuz\passgen\Password generator v2.exe
id: 23539 ==> allowed [2], time: 8.326468 ms
==============================================================================================