Safe Browsing detected browser Google Chrome has been compromised

Hi all,

We have just installed Endpoint and Intercept X on four PCs. All is fine with three of them, but one shows this error:

"Safe Browsing detected browser Google Chrome has been compromised"

Under the Application log I can see an "Event 911 HitmanPro.Alert".

Here is a copy and paste of that event:

Intruder

PID 1264
Application C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
Description Google Chrome 67

Detour Report
# Address Owner Disassembly
-- ------------------ ------------------------ ------------------------
HttpOpenRequestW *
1 0x000007FEFE8DC620 WININET.dll JMP QWORD [RIP+0x3349da]
2 0x000007FEFEC0000E (anonymous)

InternetReadFile *
1 0x000007FEFE8E31E0 WININET.dll JMP QWORD [RIP+0x3bde1a]
2 0x000007FEFEC9000E (anonymous)

InternetReadFileExW *
1 0x000007FEFE8F2CA0 WININET.dll JMP QWORD [RIP+0x3ce35a]
2 0x000007FEFECB000E (anonymous)

HttpSendRequestExW *
1 0x000007FEFE900A10 WININET.dll JMP QWORD [RIP+0x4205ea]
2 0x000007FEFED1000E (anonymous)

InternetOpenUrlA *
1 0x000007FEFE9DED00 WININET.dll JMP QWORD [RIP+0x2a22fa]
2 0x000007FEFEC7000E (anonymous)

InternetOpenUrlW *
1 0x000007FEFE9DF9B0 WININET.dll JMP QWORD [RIP+0x27164a]
2 0x000007FEFEC4000E (anonymous)

HttpSendRequestExA *
1 0x000007FEFEA08450 WININET.dll JMP QWORD [RIP+0x338baa]
2 0x000007FEFED3000E (anonymous)

HttpOpenRequestA *
1 0x000007FEFEA0AF20 WININET.dll JMP QWORD [RIP+0x2260da]
2 0x000007FEFEC2000E (anonymous)


Backwards compatible thumbprint:
4ef809bea316f509e6f5724427fff7615a30e3e69f90566af21fba8be6d116be

Thumbprint
da3464c76f97f7c0f2af43359e3b95dfa43f6494c9ec3f98b4cd473779026e69

- System
- Provider
[ Name] HitmanPro.Alert

- EventID 911
[ Qualifiers] 0

Level 2

Task 3

Keywords 0x80000000000000

- TimeCreated
[ SystemTime] 2018-07-04T10:30:09.000000000Z

EventRecordID 1497266

Channel Application

Computer GEORGE-SSD.XXXXXXXXXXX.local

Security

- EventData
C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
Intruder
I have also looked at the HitmanPro logs but still cannot see what is causing the issue.

2018-07-04T10:13:38.404Z [Service] Startup (build 745)
2018-07-04T10:13:39.271Z [Service] Running
2018-07-04T10:13:39.819Z [Protected] PID 5944, Features 0300200000000004, C:\Windows\SysWOW64\regsvr32.exe
2018-07-04T10:13:40.032Z [Protected] PID 7164, Features 0300200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:13:45.984Z [Protected] PID 6284, Features 0300200000000004, C:\Windows\SysWOW64\msiexec.exe
2018-07-04T10:13:47.164Z [Protected] PID 6072, Features 0300200000000004, C:\Windows\System32\msiexec.exe
2018-07-04T10:13:52.833Z [Protected] PID 6604, Features 0300200000000004, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe
2018-07-04T10:13:54.130Z [Protected] PID 7184, Features 0300200000000004, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe
2018-07-04T10:13:55.129Z [Protected] PID 7228, Features 0300200000000004, C:\Windows\SysWOW64\msiexec.exe
2018-07-04T10:13:56.415Z [Protected] PID 7288, Features 030020000000000C, C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
2018-07-04T10:13:59.480Z [Protected] PID 7368, Features 0300200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:19.477Z [Protected] PID 7812, Features 0300200000000008, C:\Windows\System32\taskhost.exe
2018-07-04T10:14:35.324Z [Protected] PID 8064, Features 0300200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:35.610Z [NewApplication] Browsers, $appdata\Google\Chrome\Application\chrome.exe (C:\Users\george.SQSLTD\AppData\Local\Google\Chrome\Application\chrome.exe)
2018-07-04T10:14:35.614Z [ApplyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101435
2018-07-04T10:14:35.636Z [Protected] PID 8076, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:35.638Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435637-1.xml
2018-07-04T10:14:35.692Z [NewApplication] Browsers, $appdata\Google\Chrome\Application\chrome.exe (C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe)
2018-07-04T10:14:35.712Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435707-2.xml
2018-07-04T10:14:35.715Z [NewApplication] Browsers, $programfiles\Internet Explorer\iexplore.exe (C:\Program Files\Internet Explorer\iexplore.exe)
2018-07-04T10:14:35.728Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435725-3.xml
2018-07-04T10:14:35.734Z [NewApplication] Browsers, $programfiles\Opera\53.0.2907.99\opera.exe (C:\Program Files\Opera\53.0.2907.99\opera.exe)
2018-07-04T10:14:35.747Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435746-4.xml
2018-07-04T10:14:35.765Z [NewApplication] Plugins, $system32\Macromed\Flash\FlashPlayerPlugin_30_0_0_113.exe (C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_30_0_0_113.exe)
2018-07-04T10:14:35.810Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435809-5.xml
2018-07-04T10:14:35.851Z [NewApplication] Office, $programfiles\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe)
2018-07-04T10:14:35.877Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435875-6.xml
2018-07-04T10:14:35.884Z [NewApplication] Office, $programfiles\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe (C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe)
2018-07-04T10:14:36.117Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101436116-7.xml
2018-07-04T10:14:36.122Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\WINWORD.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE)
2018-07-04T10:14:36.182Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101436181-8.xml
2018-07-04T10:14:36.189Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\EXCEL.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE)
2018-07-04T10:14:36.663Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101436659-9.xml
2018-07-04T10:14:36.674Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\POWERPNT.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE)
2018-07-04T10:14:37.197Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101437196-10.xml
2018-07-04T10:14:37.207Z [NewApplication] Office, $programfiles\Windows NT\Accessories\WORDPAD.EXE (C:\Program Files\Windows NT\Accessories\WORDPAD.EXE)
2018-07-04T10:14:38.136Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438134-11.xml
2018-07-04T10:14:38.141Z [NewApplication] Media, $programfiles\VideoLAN\VLC\vlc.exe (C:\Program Files (x86)\VideoLAN\VLC\vlc.exe)
2018-07-04T10:14:38.407Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438405-12.xml
2018-07-04T10:14:38.470Z [NewApplication] Media, $windows\eHome\ehshell.exe (C:\Windows\eHome\ehshell.exe)
2018-07-04T10:14:38.493Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438492-13.xml
2018-07-04T10:14:38.502Z [NewApplication] Media, $programfiles\Windows Media Player\wmplayer.exe (C:\Program Files (x86)\Windows Media Player\wmplayer.exe)
2018-07-04T10:14:38.531Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438526-14.xml
2018-07-04T10:14:38.535Z [NewApplication] Media, $programfiles\Windows Live\Photo Gallery\WLXPhotoGallery.exe (C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe)
2018-07-04T10:14:38.549Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438548-15.xml
2018-07-04T10:14:38.553Z [NewApplication] Media, $programfiles\Windows Live\Photo Gallery\MovieMaker.exe (C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe)
2018-07-04T10:14:38.573Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438572-16.xml
2018-07-04T10:14:38.584Z [NewApplication] Media, $programfiles\Adobe\Adobe Flash CS5\Players\FlashPlayer.exe (C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\FlashPlayer.exe)
2018-07-04T10:14:38.668Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438666-17.xml
2018-07-04T10:14:38.675Z [NewApplication] Other, $programfiles\Microsoft Office\Root\Office16\lync.exe (C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe)
2018-07-04T10:14:39.013Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101439007-18.xml
2018-07-04T10:14:39.073Z [NewApplication] Other, $programfiles\Skype\Phone\Skype.exe (C:\Program Files (x86)\Skype\Phone\Skype.exe)
2018-07-04T10:14:39.516Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101439515-19.xml
2018-07-04T10:14:39.523Z [NewApplication] Java, $programfiles\java\jre1.8.0_151\bin\java.exe (c:\program files (x86)\java\jre1.8.0_151\bin\java.exe)
2018-07-04T10:14:39.926Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101439925-20.xml
2018-07-04T10:14:39.990Z [NewApplication] Java, $programfiles\java\jre1.8.0_151\bin\javaw.exe (c:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe)
2018-07-04T10:14:40.758Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101440756-21.xml
2018-07-04T10:14:40.763Z [NewApplication] Java, $programfiles\java\jre1.8.0_151\bin\javaws.exe (c:\program files (x86)\java\jre1.8.0_151\bin\javaws.exe)
2018-07-04T10:14:41.104Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101441103-22.xml
2018-07-04T10:14:41.108Z [NewApplication] Java, $programfiles\java\jre1.8.0_151\bin\jp2launcher.exe (c:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe)
2018-07-04T10:14:41.130Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101441127-23.xml
2018-07-04T10:14:45.713Z [Protected] PID 8172, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:45.806Z [Protected] PID 8184, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:45.842Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101445
2018-07-04T10:15:19.268Z [Protected] PID 7332, Features 0000200000000004, C:\Windows\System32\taskeng.exe
2018-07-04T10:15:19.591Z [Protected] PID 6340, Features 0000200000000004, C:\Users\george\AppData\Local\Google\Update\GoogleUpdate.exe
2018-07-04T10:15:20.492Z [Protected] PID 6800, Features 0000200000000004, C:\Users\george\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
2018-07-04T10:15:23.900Z [Protected] PID 7396, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:15:35.353Z [Protected] PID 7564, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:15:35.840Z [ApplyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101535
2018-07-04T10:15:35.856Z [Protected] PID 7516, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:16:35.371Z [Protected] PID 8048, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:16:35.918Z [ApplyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101635
2018-07-04T10:16:35.939Z [Protected] PID 2232, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:17:53.377Z [Protected] PID 7444, Features 0000200000000004, C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2018-07-04T10:17:53.794Z [Protected] PID 3124, Features 0000200000000004, C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
2018-07-04T10:18:13.100Z [Protected] PID 7412, Features 0000200000000004, C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
2018-07-04T10:18:18.389Z [Protected] PID 7584, Features 000020000000000C, C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2018-07-04T10:18:24.125Z [Protected] PID 4504, Features 0000200000000004, C:\Windows\System32\SearchProtocolHost.exe
2018-07-04T10:18:24.579Z [Protected] PID 2236, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:18:28.323Z [Protected] PID 6852, Features 0000200000009004, C:\Program Files\Internet Explorer\iexplore.exe
2018-07-04T10:18:31.900Z [Alert] Intruder, familyId=1e011c52-ba2e-4538-a760-d868a1b27f0d, PID 6852, C:\Program Files\Internet Explorer\iexplore.exe
2018-07-04T10:18:31.905Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704101831903-24.xml
2018-07-04T10:18:31.908Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\fc57f05f-bd0f-4853-875c-38298b16473a.json
2018-07-04T10:18:33.268Z [Protected] PID 4656, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:18:33.714Z [Protected] PID 2456, Features 000020000000B004, C:\Program Files (x86)\Internet Explorer\iexplore.exe
2018-07-04T10:18:38.788Z [Alert] Intruder, familyId=ce7eaa10-6620-4e17-9094-5bb23dfed40e, PID 2456, C:\Program Files (x86)\Internet Explorer\iexplore.exe
2018-07-04T10:18:38.791Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704101838790-25.xml
2018-07-04T10:18:38.794Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\deecd79b-f459-417d-92ad-cf29158a9354.json
2018-07-04T10:18:41.177Z [Protected] PID 8184, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:18:42.218Z [Protected] PID 6252, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:18:42.486Z [Protected] PID 8148, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:18:42.515Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101842
2018-07-04T10:18:49.976Z [Protected] PID 7536, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:18:54.025Z [Protected] PID 8020, Features 000020000000000C, C:\Windows\System32\wermgr.exe
2018-07-04T10:18:54.402Z [Protected] PID 3460, Features 0000200000000004, C:\Windows\System32\rundll32.exe
2018-07-04T10:19:03.774Z [Protected] PID 6432, Features 0000200000000004, C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe
2018-07-04T10:19:06.183Z [Protected] PID 2356, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:19:12.429Z [Protected] PID 8056, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:19:37.354Z [Protected] PID 7464, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:19:52.266Z [Protected] PID 5692, Features 0000200000000004, C:\Program Files\Sophos\Sophos Standalone Engine\engine1\engine\15306990950041643\validator.exe
2018-07-04T10:19:53.876Z [Protected] PID 5704, Features 0000200000000004, C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Verify.exe
2018-07-04T10:19:56.165Z [Protected] PID 5764, Features 000020000000000C, C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
2018-07-04T10:19:56.238Z [Protected] PID 5392, Features 0000200000000004, C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
2018-07-04T10:19:57.278Z [Protected] PID 5176, Features 0000200000000004, C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
2018-07-04T10:20:53.252Z [Protected] PID 6040, Features 0000200000000004, C:\Windows\System32\taskeng.exe
2018-07-04T10:20:53.928Z [Protected] PID 6828, Features 0000200000000004, C:\Windows\SysWOW64\dllhost.exe
2018-07-04T10:20:56.378Z [Protected] PID 6628, Features 0000200000000004, C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
2018-07-04T10:20:59.155Z [Protected] PID 3480, Features 0000200000000004, C:\Windows\System32\SearchProtocolHost.exe
2018-07-04T10:21:00.221Z [Protected] PID 2624, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:21:21.279Z [Protected] PID 6432, Features 0000200000000008, C:\Windows\System32\sppsvc.exe
2018-07-04T10:21:21.344Z [Protected] PID 7720, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.450Z [Protected] PID 5708, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.525Z [Protected] PID 4504, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.563Z [Protected] PID 6052, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.654Z [Protected] PID 8148, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.680Z [Protected] PID 4216, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.733Z [Protected] PID 5980, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.750Z [Protected] PID 7232, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.893Z [Protected] PID 4984, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.912Z [Protected] PID 2432, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.984Z [Protected] PID 3124, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:22.000Z [Protected] PID 7648, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:22.555Z [Protected] PID 7344, Features 0000200000000004, C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
2018-07-04T10:21:53.571Z [Protected] PID 7156, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:22:04.849Z [Protected] PID 7176, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:22:11.421Z [Protected] PID 7668, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:13.385Z [Protected] PID 8052, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:20.880Z [Alert] Intruder, familyId=d04bc712-37df-4118-859b-8b46850e3d09, PID 8052, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:20.897Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102220894-26.xml
2018-07-04T10:22:20.907Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\33d5d6a3-cfbd-4418-99ea-286da967536e.json
2018-07-04T10:22:22.647Z [Alert] Intruder, familyId=952b7382-b689-4066-94e8-baacf921af00, PID 7668, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:22.653Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102222650-27.xml
2018-07-04T10:22:22.656Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d3f0111d-8116-4bde-b487-b97f78714d77.json
2018-07-04T10:22:25.484Z [Protected] PID 5692, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:26.017Z [Protected] PID 4532, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:27.211Z [Protected] PID 3012, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:27.594Z [Protected] PID 7788, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:27.766Z [Protected] PID 6936, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:28.470Z [Protected] PID 3124, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:28.784Z [Protected] PID 4656, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:28.970Z [Alert] Intruder, familyId=e13f5a3b-2033-42fb-814d-ae590a2c980d, PID 5692, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:28.974Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102228973-28.xml
2018-07-04T10:22:28.989Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\b3efdca2-502a-449c-8060-0f2cba36eb27.json
2018-07-04T10:22:29.553Z [Alert] Intruder, familyId=d2200a29-66cf-498e-86f1-dd1d96da7e86, PID 4532, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:29.595Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102229593-29.xml
2018-07-04T10:22:29.606Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\28ea4a09-a303-41aa-a1a3-12e474c3ad0b.json
2018-07-04T10:22:31.145Z [Protected] PID 8280, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:22:31.172Z [Alert] Intruder, familyId=55f08377-479a-4828-9a62-4e4458d57de2, PID 7788, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:31.176Z [Alert] Intruder, familyId=baef9362-9344-4d48-a6f5-cae99fba96a0, PID 3012, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:31.188Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102231187-30.xml
2018-07-04T10:22:31.202Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102231201-31.xml
2018-07-04T10:22:31.222Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\1f25f47c-2eae-46a4-bda9-f8c03cea2017.json
2018-07-04T10:22:31.226Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e3dadd05-06dd-4c4e-bbf1-3baac5559e06.json
2018-07-04T10:22:31.269Z [Protected] PID 8300, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:22:31.291Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102231
2018-07-04T10:22:31.295Z [Alert] Intruder, familyId=0c9a10d3-bb8e-4814-9b1e-73ffd63fd620, PID 6936, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:31.300Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102231298-32.xml
2018-07-04T10:22:31.313Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\f4281fe1-ba02-4b5a-8cd9-8cf875d5f4aa.json
2018-07-04T10:22:32.116Z [Alert] Intruder, familyId=4d85e798-a39f-4683-b818-f3f5059e9fcb, PID 3124, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:32.139Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102232137-33.xml
2018-07-04T10:22:32.257Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\541fa49f-cd7b-4377-9ebe-ae5d8e47a521.json
2018-07-04T10:22:32.284Z [Alert] Intruder, familyId=968c64db-8993-4209-9c25-f8267f9117cc, PID 4656, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:32.299Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102232297-34.xml
2018-07-04T10:22:32.386Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e907b2d5-c926-4570-ae43-ee94615ea9f5.json
2018-07-04T10:22:41.328Z [Protected] PID 8496, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:22:41.400Z [Protected] PID 8508, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:22:41.424Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102241
2018-07-04T10:25:54.545Z [Protected] PID 8812, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:25:54.806Z [Protected] PID 8852, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:26:01.074Z [Protected] PID 9012, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:27:33.446Z [Protected] PID 8016, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:27:33.482Z [Protected] PID 7272, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:27:41.963Z [Protected] PID 4780, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:27:49.873Z [Protected] PID 2524, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:50.515Z [Protected] PID 9128, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:51.435Z [Protected] PID 4244, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:52.172Z [Protected] PID 8380, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:53.092Z [Alert] Intruder, familyId=e1d74647-15bc-4fe6-9909-fa6640de2d31, PID 2524, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:53.095Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102753093-35.xml
2018-07-04T10:27:53.099Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\71d53096-5c99-4579-b87a-f9d172e00282.json
2018-07-04T10:27:53.825Z [Alert] Intruder, familyId=22eef432-298d-40f2-a778-6266f0c53959, PID 9128, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:53.827Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102753825-36.xml
2018-07-04T10:27:53.832Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e8314e76-3182-4ef5-be3f-b46ef68587e8.json
2018-07-04T10:27:54.583Z [Alert] Intruder, familyId=3b0f90e4-1ddb-4be4-88a4-d6a881ae0304, PID 4244, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:54.585Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102754583-37.xml
2018-07-04T10:27:54.593Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\221187b5-8f9b-4f88-9f17-eb5d48581456.json
2018-07-04T10:27:55.330Z [Alert] Intruder, familyId=300e71a9-ee24-4755-b5de-ca52dc44265a, PID 8380, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:55.332Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102755331-38.xml
2018-07-04T10:27:55.336Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\9bf8f146-b49f-4b62-832d-d9cfa6d643f0.json
2018-07-04T10:28:03.115Z [Protected] PID 2164, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:03.145Z [Protected] PID 8068, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:03.202Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102803
2018-07-04T10:28:14.469Z [Protected] PID 8480, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:14.577Z [Protected] PID 8500, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:14.603Z [Protected] PID 2432, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:15.180Z [Protected] PID 1056, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.507Z [Protected] PID 5720, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.573Z [Alert] Intruder, familyId=ee9760a1-2163-4b7f-9e3e-cacacad1b57c, PID 8500, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.683Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102818681-39.xml
2018-07-04T10:28:18.785Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\53950a77-f212-46a5-a2b5-20d239390d69.json
2018-07-04T10:28:18.795Z [Alert] Intruder, familyId=6be7d697-92c6-43ec-9bfe-4a67bc84e205, PID 1056, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.805Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102818804-40.xml
2018-07-04T10:28:18.867Z [Alert] Intruder, familyId=8bd57576-2395-45cf-b82e-7b1713def047, PID 2432, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.871Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\2b7ca15f-df2f-4371-8ede-bd9f8b9dc9f6.json
2018-07-04T10:28:18.940Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102818873-41.xml
2018-07-04T10:28:19.313Z [Alert] Intruder, familyId=3d91765c-4e0a-4644-85ef-451ac8c6aa1e, PID 8480, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:19.389Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\da3c8e15-241b-44fe-8341-6c1847c59a0d.json
2018-07-04T10:28:19.401Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102819345-42.xml
2018-07-04T10:28:19.404Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\c8e6b12e-211f-48f8-8b1d-7d6949dcfb6a.json
2018-07-04T10:28:20.297Z [Protected] PID 7212, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:20.438Z [Protected] PID 8784, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:21.468Z [Protected] PID 8404, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:22.063Z [Alert] Intruder, familyId=9c8a4551-ce9a-4179-b9ef-be2c973d28c5, PID 5720, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:22.152Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102822150-43.xml
2018-07-04T10:28:22.234Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\730d338f-e8d4-4029-9be1-a068d99d7aec.json
2018-07-04T10:28:24.852Z [Alert] Intruder, familyId=821d6a67-96b6-4c39-abdd-6a2b875cc3c4, PID 7212, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:24.916Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102824914-44.xml
2018-07-04T10:28:24.946Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d8a24c30-09db-43ce-93b4-da7c3748b566.json
2018-07-04T10:28:25.047Z [Alert] Intruder, familyId=7b15f519-d04f-4e86-9932-d0ca2254c802, PID 8784, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:25.052Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102825050-45.xml
2018-07-04T10:28:25.061Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d9e5a722-8f15-48f0-90c8-f3bed11ea1e6.json
2018-07-04T10:28:25.135Z [Alert] Intruder, familyId=e6fbcd55-4d2e-469e-9302-efffd9b3749c, PID 8404, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:25.156Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102825155-46.xml
2018-07-04T10:28:25.159Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\6aaef38a-b418-4fb6-a834-142512534a5f.json
2018-07-04T10:28:25.983Z [Protected] PID 9184, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:26.144Z [Protected] PID 8580, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:26.282Z [Protected] PID 7572, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:27.899Z [Protected] PID 7188, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:28.801Z [Protected] PID 8360, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:28.927Z [Protected] PID 7232, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:28.959Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102828
2018-07-04T10:28:29.179Z [Alert] Intruder, familyId=02074d47-4879-4211-857c-52f122a6d2be, PID 9184, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:29.184Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102829181-47.xml
2018-07-04T10:28:29.212Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\9e2c7316-9701-46c5-9941-8c414b3ab85d.json
2018-07-04T10:28:29.418Z [Alert] Intruder, familyId=21a12651-bdfd-47b2-ab86-8767a6616a7d, PID 8580, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:29.422Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102829420-48.xml
2018-07-04T10:28:29.431Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d72b6914-2b6d-4a52-8162-2efaa479d239.json
2018-07-04T10:28:29.936Z [Alert] Intruder, familyId=9a0a4c24-de2a-44c7-94a2-0b73441b269e, PID 7572, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:29.960Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102829959-49.xml
2018-07-04T10:28:29.964Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\43e2f41b-fd85-48af-bb0f-45a344cd7997.json
2018-07-04T10:28:31.088Z [Alert] Intruder, familyId=4b6c01b4-5602-4153-aec7-8f479205edcd, PID 7188, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:31.090Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102831089-50.xml
2018-07-04T10:28:31.094Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\05523917-eb9e-426b-9f18-1cdb9bbca7c5.json
2018-07-04T10:28:39.189Z [Protected] PID 4380, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:39.290Z [Protected] PID 8360, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:39.389Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102839
2018-07-04T10:29:50.316Z [Protected] PID 9060, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:50.469Z [Protected] PID 3088, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:52.783Z [Protected] PID 8884, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.764Z [Alert] Intruder, familyId=480f60fe-615e-425f-9d1b-c6f6732ec795, PID 9060, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.765Z [Alert] Intruder, familyId=f19f0509-cf66-4f7e-8ff9-363243d32e55, PID 3088, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.767Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102953766-51.xml
2018-07-04T10:29:53.789Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102953776-52.xml
2018-07-04T10:29:53.791Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\1cf6ca25-57f2-4ee5-97ed-7d69bc2f2d60.json
2018-07-04T10:29:53.801Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\181aac4e-9e93-4517-a016-c993872c6700.json
2018-07-04T10:29:55.920Z [Alert] Intruder, familyId=f68794fe-894b-466b-b420-f318e2b4fa49, PID 8884, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:55.922Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102955921-53.xml
2018-07-04T10:29:55.927Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\82222b90-a02b-4ea5-ade2-1701cf140ea0.json
2018-07-04T10:29:58.309Z [Protected] PID 8396, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:58.542Z [Protected] PID 7924, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:02.040Z [Alert] Intruder, familyId=206bd9d3-c3c9-4eeb-ad91-f584b8601978, PID 8396, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:02.041Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103002040-54.xml
2018-07-04T10:30:02.043Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\3abf9780-1aec-4f57-a860-61d2a26de543.json
2018-07-04T10:30:03.484Z [Protected] PID 4396, Features 0000200000000004, C:\Windows\System32\wbem\WmiPrvSE.exe
2018-07-04T10:30:03.823Z [Protected] PID 8652, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:03.951Z [Protected] PID 8796, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:04.045Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103003
2018-07-04T10:30:05.918Z [Alert] Intruder, familyId=e8cd2f7b-408f-4537-9fa7-0925785c60f0, PID 7924, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:05.920Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103005918-55.xml
2018-07-04T10:30:05.979Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\1dfe602a-fee2-40f2-a4a0-d1d34ceb91a6.json
2018-07-04T10:30:06.051Z [Protected] PID 1264, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:06.735Z [Protected] PID 5412, Features 0000200000000004, C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
2018-07-04T10:30:09.328Z [Alert] Intruder, familyId=c2c322cd-8cec-4068-a3dd-5587ab8852d5, PID 1264, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:09.354Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103009352-56.xml
2018-07-04T10:30:09.367Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\5ab75013-3e89-428e-89b0-9f91b217a31f.json
2018-07-04T10:30:15.948Z [Protected] PID 5312, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:15.987Z [Protected] PID 8868, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:16.027Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103015
2018-07-04T10:31:17.466Z [Protected] PID 7648, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:31:24.140Z [Protected] PID 8452, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:31:41.390Z [Protected] PID 780, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:31:47.976Z [Protected] PID 8728, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:32:01.071Z [Protected] PID 3208, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:32:11.012Z [Protected] PID 8532, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:33:58.124Z [Protected] PID 3208, Features 0000200000000004, C:\Windows\System32\mmc.exe
2018-07-04T10:34:26.340Z [Protected] PID 8384, Features 000020000000000C, C:\Windows\System32\svchost.exe
2018-07-04T10:35:53.972Z [Protected] PID 8840, Features 0000200000000004, C:\Windows\System32\taskeng.exe
2018-07-04T10:35:54.401Z [Protected] PID 3012, Features 0000200000000004, C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
2018-07-04T10:36:03.438Z [Protected] PID 8788, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:37:26.291Z [Protected] PID 8684, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:37:26.340Z [Protected] PID 8432, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:37:38.486Z [Protected] PID 6416, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:38:18.748Z [Protected] PID 5700, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:38:21.886Z [Alert] Intruder, familyId=c78caa01-6c0e-4d9f-bf79-e553cbb2e75d, PID 5700, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:38:21.891Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103821890-57.xml
2018-07-04T10:38:21.897Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\5d337d9c-7c0c-4b5e-b7e4-4e3fbb511a2d.json
2018-07-04T10:38:32.020Z [Protected] PID 6224, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:38:32.086Z [Protected] PID 1260, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:38:32.146Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103832
2018-07-04T10:39:34.475Z [Protected] PID 7720, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:39:37.636Z [Alert] Intruder, familyId=2d783253-2ebe-4b67-bb9e-c647df60df50, PID 7720, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:39:37.639Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103937638-58.xml
2018-07-04T10:39:37.642Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\91bff786-6b9a-48ec-85c6-88e4c6cd8d28.json
2018-07-04T10:39:47.676Z [Protected] PID 6616, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:39:47.919Z [Protected] PID 8932, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:39:47.952Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103947
2018-07-04T10:40:07.162Z [Protected] PID 6600, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:07.388Z [Protected] PID 8316, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:08.057Z [Protected] PID 7328, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:10.228Z [Protected] PID 8004, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:10.810Z [Alert] Intruder, familyId=bb62b2c4-d112-4945-a5b8-c4aa029d1007, PID 6600, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:10.812Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104010810-59.xml
2018-07-04T10:40:10.823Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e8519baa-559e-4c74-9198-8086ecb69cbf.json
2018-07-04T10:40:11.477Z [Protected] PID 3896, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:11.478Z [Alert] Intruder, familyId=191fc3ad-ac11-48c6-9c28-ddaef34db1ba, PID 7328, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:11.497Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104011495-60.xml
2018-07-04T10:40:11.535Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d5be0fad-7eea-415c-a452-1a347ab74837.json
2018-07-04T10:40:11.924Z [Alert] Intruder, familyId=2d2f0032-46f7-4464-a20b-77cc30a9b05b, PID 8316, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:11.926Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104011925-61.xml
2018-07-04T10:40:11.930Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\ec78323f-ae27-4737-8b15-5e41be1b21a8.json
2018-07-04T10:40:14.845Z [Alert] Intruder, familyId=12b759ce-3d05-4222-9dc2-ff242f8adf1a, PID 3896, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:14.915Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104014913-62.xml
2018-07-04T10:40:14.986Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\a4ebbba9-3bc3-4d66-b96b-ab338109b1d0.json
2018-07-04T10:40:15.382Z [Alert] Intruder, familyId=eff74c81-0501-4420-a099-439004606500, PID 8004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:15.415Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104015414-63.xml
2018-07-04T10:40:15.440Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e527f841-5a37-49dc-ac64-88556fb6706a.json
2018-07-04T10:40:20.770Z [Protected] PID 6616, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:40:20.796Z [Protected] PID 8756, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:40:20.817Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704104020
2018-07-04T10:43:22.819Z [Protected] PID 9032, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:43:33.403Z [Protected] PID 3484, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:43:49.832Z [Protected] PID 9072, Features 0000200000000004, C:\Windows\System32\notepad.exe
2018-07-04T10:43:50.506Z [Protected] PID 1488, Features 0000200000000004, C:\Windows\System32\dllhost.exe

 

I have checked the forum and seen similar threads, but none seem to shed any light on the issue.

I have checked and cannot see any sign of LanDesk or Trusteer Rapport being installed.

Any help greatly appreciated.



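As an added triage example (not part of the original post, and not Sophos or HitmanPro.Alert tooling), the Python below parses lines in the format of the log pasted above, pairs each `[Protected]` entry with the next `[Alert] Intruder` on the same PID, and reports per image how many processes were flagged and how long after protection the alert fired. The sample lines are constructed in the same format with a placeholder familyId; the question it answers is whether every new chrome.exe process is flagged within seconds of being protected, which is the pattern to establish before deciding whether a system-wide hook from installed software or something targeted is the likelier explanation.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shapes from the pasted HitmanPro.Alert log; "[Sophos] dropped ..." and
# "[VerifyPolicy]" lines carry no PID and are skipped by PID_RE.
LINE_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT[\d:.]+Z) \[(?P<kind>\w+)\] (?P<rest>.*)$")
PID_RE = re.compile(r"PID (?P<pid>\d+), (?:Features \w+, )?(?P<image>.+)$")

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")

def summarize(lines):
    """Pair each [Protected] PID with the next [Alert] Intruder on that PID.
    Returns {image: {"protected": n, "flagged": n, "latency_s": [...]}}; a PID is
    consumed by its first alert so that later PID reuse starts a fresh pairing."""
    pending = {}  # pid -> (image, time the process was protected)
    stats = defaultdict(lambda: {"protected": 0, "flagged": 0, "latency_s": []})
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        pm = PID_RE.search(m.group("rest")) if m else None
        if not pm:
            continue
        pid, image, ts = pm.group("pid"), pm.group("image"), parse_ts(m.group("ts"))
        if m.group("kind") == "Protected":
            pending[pid] = (image, ts)
            stats[image]["protected"] += 1
        elif m.group("kind") == "Alert" and m.group("rest").startswith("Intruder"):
            stats[image]["flagged"] += 1
            prot = pending.pop(pid, None)
            if prot:
                stats[image]["latency_s"].append((ts - prot[1]).total_seconds())
    return dict(stats)

CHROME = r"C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe"
HMPA = r"C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe"
# Constructed sample in the log's format (PIDs, times and familyId chosen for the example).
SAMPLE = [
    f"2018-07-04T10:28:20.297Z [Protected] PID 7212, Features 0000200000009004, {CHROME}",
    f"2018-07-04T10:28:20.438Z [Protected] PID 8784, Features 0000200000009004, {CHROME}",
    f"2018-07-04T10:28:24.852Z [Alert] Intruder, familyId=00000000-0000-0000-0000-000000000000, PID 7212, {CHROME}",
    r"2018-07-04T10:28:24.916Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-example.xml",
    f"2018-07-04T10:28:25.047Z [Alert] Intruder, familyId=00000000-0000-0000-0000-000000000000, PID 8784, {CHROME}",
    f"2018-07-04T10:28:28.801Z [Protected] PID 8360, Features 0000200000000004, {HMPA}",
]

if __name__ == "__main__":
    for image, s in summarize(SAMPLE).items():
        worst = max(s["latency_s"], default=0.0)
        print(f"{s['flagged']}/{s['protected']} flagged, slowest alert {worst:.2f}s after protection: {image}")
```

Run it against the full log saved to a file (`summarize(open(path))`) to see the per-image picture; a 100% flag rate on chrome.exe with a near-constant latency, and nothing on other protected images, is what consistent in-process hooking of every Chrome instance looks like.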