Hello All,
I'm trying to figure out if this detection is valid or a false positive. The computer is running Windows 7 and Office 2007.
Path: C:\Windows\SysWOW64\regsvr32.exe
Here is the Raw Data and Process Trace:
Mitigation   Lockdown
Timestamp    2020-08-31T14:34:34

Platform     6.1.7601/x64 v321 06_3c-
PID          7280
Application  C:\Windows\SysWOW64\regsvr32.exe
Created      2009-07-13T23:58:32
Modified     2009-07-14T01:14:30
Description  Microsoft(C) Register Server 6.1

Filename     C:\Users\xxxxxxxxx\AppData\Local\Temp\~322103563.exe
Created By   C:\Windows\SysWOW64\regsvr32.exe

Lockdown type: DenyNewFileExecute

Loaded Modules
-----------------------------------------------------------------------------
74B00000-74C00000 hmpalert.dll (SurfRight B.V.), version: 3.7.17.317
749D0000-74A0E000 SOPHOS~1.DLL (Sophos Limited), version: 10.8.8.337
10000000-10035000 temp.tmp (), version:

Process Trace
1 C:\Windows\SysWOW64\regsvr32.exe [7280]
  "C:\Windows\System32\regsvr32.exe" C:\Users\XXXXX~1\AppData\Local\Temp\temp.tmp
2 C:\Users\Public\in.com [10952]
  C:\users\public\in.com C:\users\public\in.html
3 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE [10268]
  C:\PROGRA~2\MICROS~3\Office12\WINWORD.EXE -Embedding
4 C:\Windows\System32\svchost.exe [900]
  C:\Windows\system32\svchost.exe -k DcomLaunch
5 C:\Windows\System32\services.exe [780]
6 C:\Windows\System32\wininit.exe [676]
  wininit.exe
7 C:\Windows\System32\smss.exe [556]
  \SystemRoot\System32\smss.exe 00000000 00000048
8 C:\Windows\System32\smss.exe [380]
  \SystemRoot\System32\smss.exe

Thumbprint
7745bc172997a7decd30745363ec381d0536aa679c85e480287c4b1682aecbe3
Thanks for any assistance.