Safe Browsing detected browser Google Chrome has been compromised

Hi all,

We have just installed Endpoint and Intercept X on four PCs. All is fine with three of them, but one shows this error:

"Safe Browsing detected browser Google Chrome has been compromised"

Under the Application log I can see an "Event 911 HitmanPro.Alert" entry.

Here is a copy and paste of that event:

Intruder

PID 1264
Application C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
Description Google Chrome 67

Detour Report
# Address Owner Disassembly
-- ------------------ ------------------------ ------------------------
HttpOpenRequestW *
1 0x000007FEFE8DC620 WININET.dll JMP QWORD [RIP+0x3349da]
2 0x000007FEFEC0000E (anonymous)

InternetReadFile *
1 0x000007FEFE8E31E0 WININET.dll JMP QWORD [RIP+0x3bde1a]
2 0x000007FEFEC9000E (anonymous)

InternetReadFileExW *
1 0x000007FEFE8F2CA0 WININET.dll JMP QWORD [RIP+0x3ce35a]
2 0x000007FEFECB000E (anonymous)

HttpSendRequestExW *
1 0x000007FEFE900A10 WININET.dll JMP QWORD [RIP+0x4205ea]
2 0x000007FEFED1000E (anonymous)

InternetOpenUrlA *
1 0x000007FEFE9DED00 WININET.dll JMP QWORD [RIP+0x2a22fa]
2 0x000007FEFEC7000E (anonymous)

InternetOpenUrlW *
1 0x000007FEFE9DF9B0 WININET.dll JMP QWORD [RIP+0x27164a]
2 0x000007FEFEC4000E (anonymous)

HttpSendRequestExA *
1 0x000007FEFEA08450 WININET.dll JMP QWORD [RIP+0x338baa]
2 0x000007FEFED3000E (anonymous)

HttpOpenRequestA *
1 0x000007FEFEA0AF20 WININET.dll JMP QWORD [RIP+0x2260da]
2 0x000007FEFEC2000E (anonymous)


Backwards compatible thumbprint:
4ef809bea316f509e6f5724427fff7615a30e3e69f90566af21fba8be6d116be

Thumbprint
da3464c76f97f7c0f2af43359e3b95dfa43f6494c9ec3f98b4cd473779026e69

- System
- Provider
[ Name] HitmanPro.Alert

- EventID 911
[ Qualifiers] 0

Level 2

Task 3

Keywords 0x80000000000000

- TimeCreated
[ SystemTime] 2018-07-04T10:30:09.000000000Z

EventRecordID 1497266

Channel Application

Computer GEORGE-SSD.XXXXXXXXXXX.local

Security

- EventData
C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
Intruder

I have also looked at the HitmanPro logs but still cannot see what is causing the issue.

2018-07-04T10:13:38.404Z [Service] Startup (build 745)
2018-07-04T10:13:39.271Z [Service] Running
2018-07-04T10:13:39.819Z [Protected] PID 5944, Features 0300200000000004, C:\Windows\SysWOW64\regsvr32.exe
2018-07-04T10:13:40.032Z [Protected] PID 7164, Features 0300200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:13:45.984Z [Protected] PID 6284, Features 0300200000000004, C:\Windows\SysWOW64\msiexec.exe
2018-07-04T10:13:47.164Z [Protected] PID 6072, Features 0300200000000004, C:\Windows\System32\msiexec.exe
2018-07-04T10:13:52.833Z [Protected] PID 6604, Features 0300200000000004, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe
2018-07-04T10:13:54.130Z [Protected] PID 7184, Features 0300200000000004, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe
2018-07-04T10:13:55.129Z [Protected] PID 7228, Features 0300200000000004, C:\Windows\SysWOW64\msiexec.exe
2018-07-04T10:13:56.415Z [Protected] PID 7288, Features 030020000000000C, C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
2018-07-04T10:13:59.480Z [Protected] PID 7368, Features 0300200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:19.477Z [Protected] PID 7812, Features 0300200000000008, C:\Windows\System32\taskhost.exe
2018-07-04T10:14:35.324Z [Protected] PID 8064, Features 0300200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:35.610Z [NewApplication] Browsers, $appdata\Google\Chrome\Application\chrome.exe (C:\Users\george.SQSLTD\AppData\Local\Google\Chrome\Application\chrome.exe)
2018-07-04T10:14:35.614Z [ApplyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101435
2018-07-04T10:14:35.636Z [Protected] PID 8076, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:35.638Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435637-1.xml
2018-07-04T10:14:35.692Z [NewApplication] Browsers, $appdata\Google\Chrome\Application\chrome.exe (C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe)
2018-07-04T10:14:35.712Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435707-2.xml
2018-07-04T10:14:35.715Z [NewApplication] Browsers, $programfiles\Internet Explorer\iexplore.exe (C:\Program Files\Internet Explorer\iexplore.exe)
2018-07-04T10:14:35.728Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435725-3.xml
2018-07-04T10:14:35.734Z [NewApplication] Browsers, $programfiles\Opera\53.0.2907.99\opera.exe (C:\Program Files\Opera\53.0.2907.99\opera.exe)
2018-07-04T10:14:35.747Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435746-4.xml
2018-07-04T10:14:35.765Z [NewApplication] Plugins, $system32\Macromed\Flash\FlashPlayerPlugin_30_0_0_113.exe (C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_30_0_0_113.exe)
2018-07-04T10:14:35.810Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435809-5.xml
2018-07-04T10:14:35.851Z [NewApplication] Office, $programfiles\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe)
2018-07-04T10:14:35.877Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101435875-6.xml
2018-07-04T10:14:35.884Z [NewApplication] Office, $programfiles\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe (C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe)
2018-07-04T10:14:36.117Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101436116-7.xml
2018-07-04T10:14:36.122Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\WINWORD.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE)
2018-07-04T10:14:36.182Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101436181-8.xml
2018-07-04T10:14:36.189Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\EXCEL.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE)
2018-07-04T10:14:36.663Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101436659-9.xml
2018-07-04T10:14:36.674Z [NewApplication] Office, $programfiles\Microsoft Office\Root\Office16\POWERPNT.EXE (C:\Program Files (x86)\Microsoft Office\Root\Office16\POWERPNT.EXE)
2018-07-04T10:14:37.197Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101437196-10.xml
2018-07-04T10:14:37.207Z [NewApplication] Office, $programfiles\Windows NT\Accessories\WORDPAD.EXE (C:\Program Files\Windows NT\Accessories\WORDPAD.EXE)
2018-07-04T10:14:38.136Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438134-11.xml
2018-07-04T10:14:38.141Z [NewApplication] Media, $programfiles\VideoLAN\VLC\vlc.exe (C:\Program Files (x86)\VideoLAN\VLC\vlc.exe)
2018-07-04T10:14:38.407Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438405-12.xml
2018-07-04T10:14:38.470Z [NewApplication] Media, $windows\eHome\ehshell.exe (C:\Windows\eHome\ehshell.exe)
2018-07-04T10:14:38.493Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438492-13.xml
2018-07-04T10:14:38.502Z [NewApplication] Media, $programfiles\Windows Media Player\wmplayer.exe (C:\Program Files (x86)\Windows Media Player\wmplayer.exe)
2018-07-04T10:14:38.531Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438526-14.xml
2018-07-04T10:14:38.535Z [NewApplication] Media, $programfiles\Windows Live\Photo Gallery\WLXPhotoGallery.exe (C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe)
2018-07-04T10:14:38.549Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438548-15.xml
2018-07-04T10:14:38.553Z [NewApplication] Media, $programfiles\Windows Live\Photo Gallery\MovieMaker.exe (C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe)
2018-07-04T10:14:38.573Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438572-16.xml
2018-07-04T10:14:38.584Z [NewApplication] Media, $programfiles\Adobe\Adobe Flash CS5\Players\FlashPlayer.exe (C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\FlashPlayer.exe)
2018-07-04T10:14:38.668Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101438666-17.xml
2018-07-04T10:14:38.675Z [NewApplication] Other, $programfiles\Microsoft Office\Root\Office16\lync.exe (C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe)
2018-07-04T10:14:39.013Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101439007-18.xml
2018-07-04T10:14:39.073Z [NewApplication] Other, $programfiles\Skype\Phone\Skype.exe (C:\Program Files (x86)\Skype\Phone\Skype.exe)
2018-07-04T10:14:39.516Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101439515-19.xml
2018-07-04T10:14:39.523Z [NewApplication] Java, $programfiles\java\jre1.8.0_151\bin\java.exe (c:\program files (x86)\java\jre1.8.0_151\bin\java.exe)
2018-07-04T10:14:39.926Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101439925-20.xml
2018-07-04T10:14:39.990Z [NewApplication] Java, $programfiles\java\jre1.8.0_151\bin\javaw.exe (c:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe)
2018-07-04T10:14:40.758Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101440756-21.xml
2018-07-04T10:14:40.763Z [NewApplication] Java, $programfiles\java\jre1.8.0_151\bin\javaws.exe (c:\program files (x86)\java\jre1.8.0_151\bin\javaws.exe)
2018-07-04T10:14:41.104Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101441103-22.xml
2018-07-04T10:14:41.108Z [NewApplication] Java, $programfiles\java\jre1.8.0_151\bin\jp2launcher.exe (c:\program files (x86)\java\jre1.8.0_151\bin\jp2launcher.exe)
2018-07-04T10:14:41.130Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\NewApp-20180704101441127-23.xml
2018-07-04T10:14:45.713Z [Protected] PID 8172, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:45.806Z [Protected] PID 8184, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:14:45.842Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101445
2018-07-04T10:15:19.268Z [Protected] PID 7332, Features 0000200000000004, C:\Windows\System32\taskeng.exe
2018-07-04T10:15:19.591Z [Protected] PID 6340, Features 0000200000000004, C:\Users\george\AppData\Local\Google\Update\GoogleUpdate.exe
2018-07-04T10:15:20.492Z [Protected] PID 6800, Features 0000200000000004, C:\Users\george\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
2018-07-04T10:15:23.900Z [Protected] PID 7396, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:15:35.353Z [Protected] PID 7564, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:15:35.840Z [ApplyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101535
2018-07-04T10:15:35.856Z [Protected] PID 7516, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:16:35.371Z [Protected] PID 8048, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:16:35.918Z [ApplyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101635
2018-07-04T10:16:35.939Z [Protected] PID 2232, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:17:53.377Z [Protected] PID 7444, Features 0000200000000004, C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2018-07-04T10:17:53.794Z [Protected] PID 3124, Features 0000200000000004, C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
2018-07-04T10:18:13.100Z [Protected] PID 7412, Features 0000200000000004, C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
2018-07-04T10:18:18.389Z [Protected] PID 7584, Features 000020000000000C, C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2018-07-04T10:18:24.125Z [Protected] PID 4504, Features 0000200000000004, C:\Windows\System32\SearchProtocolHost.exe
2018-07-04T10:18:24.579Z [Protected] PID 2236, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:18:28.323Z [Protected] PID 6852, Features 0000200000009004, C:\Program Files\Internet Explorer\iexplore.exe
2018-07-04T10:18:31.900Z [Alert] Intruder, familyId=1e011c52-ba2e-4538-a760-d868a1b27f0d, PID 6852, C:\Program Files\Internet Explorer\iexplore.exe
2018-07-04T10:18:31.905Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704101831903-24.xml
2018-07-04T10:18:31.908Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\fc57f05f-bd0f-4853-875c-38298b16473a.json
2018-07-04T10:18:33.268Z [Protected] PID 4656, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:18:33.714Z [Protected] PID 2456, Features 000020000000B004, C:\Program Files (x86)\Internet Explorer\iexplore.exe
2018-07-04T10:18:38.788Z [Alert] Intruder, familyId=ce7eaa10-6620-4e17-9094-5bb23dfed40e, PID 2456, C:\Program Files (x86)\Internet Explorer\iexplore.exe
2018-07-04T10:18:38.791Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704101838790-25.xml
2018-07-04T10:18:38.794Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\deecd79b-f459-417d-92ad-cf29158a9354.json
2018-07-04T10:18:41.177Z [Protected] PID 8184, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:18:42.218Z [Protected] PID 6252, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:18:42.486Z [Protected] PID 8148, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:18:42.515Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704101842
2018-07-04T10:18:49.976Z [Protected] PID 7536, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:18:54.025Z [Protected] PID 8020, Features 000020000000000C, C:\Windows\System32\wermgr.exe
2018-07-04T10:18:54.402Z [Protected] PID 3460, Features 0000200000000004, C:\Windows\System32\rundll32.exe
2018-07-04T10:19:03.774Z [Protected] PID 6432, Features 0000200000000004, C:\ProgramData\Sophos\AutoUpdate\Cache\sophos_autoupdate1.dir\SophosUpdate.exe
2018-07-04T10:19:06.183Z [Protected] PID 2356, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:19:12.429Z [Protected] PID 8056, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:19:37.354Z [Protected] PID 7464, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:19:52.266Z [Protected] PID 5692, Features 0000200000000004, C:\Program Files\Sophos\Sophos Standalone Engine\engine1\engine\15306990950041643\validator.exe
2018-07-04T10:19:53.876Z [Protected] PID 5704, Features 0000200000000004, C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sfs64\Verify.exe
2018-07-04T10:19:56.165Z [Protected] PID 5764, Features 000020000000000C, C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
2018-07-04T10:19:56.238Z [Protected] PID 5392, Features 0000200000000004, C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
2018-07-04T10:19:57.278Z [Protected] PID 5176, Features 0000200000000004, C:\Program Files\Sophos\Sophos File Scanner\SophosFileScanner.exe
2018-07-04T10:20:53.252Z [Protected] PID 6040, Features 0000200000000004, C:\Windows\System32\taskeng.exe
2018-07-04T10:20:53.928Z [Protected] PID 6828, Features 0000200000000004, C:\Windows\SysWOW64\dllhost.exe
2018-07-04T10:20:56.378Z [Protected] PID 6628, Features 0000200000000004, C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
2018-07-04T10:20:59.155Z [Protected] PID 3480, Features 0000200000000004, C:\Windows\System32\SearchProtocolHost.exe
2018-07-04T10:21:00.221Z [Protected] PID 2624, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:21:21.279Z [Protected] PID 6432, Features 0000200000000008, C:\Windows\System32\sppsvc.exe
2018-07-04T10:21:21.344Z [Protected] PID 7720, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.450Z [Protected] PID 5708, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.525Z [Protected] PID 4504, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.563Z [Protected] PID 6052, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.654Z [Protected] PID 8148, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.680Z [Protected] PID 4216, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.733Z [Protected] PID 5980, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.750Z [Protected] PID 7232, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.893Z [Protected] PID 4984, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:21.912Z [Protected] PID 2432, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:21.984Z [Protected] PID 3124, Features 0000200000000000, C:\Windows\System32\conhost.exe
2018-07-04T10:21:22.000Z [Protected] PID 7648, Features 0000200000000004, C:\Windows\System32\schtasks.exe
2018-07-04T10:21:22.555Z [Protected] PID 7344, Features 0000200000000004, C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
2018-07-04T10:21:53.571Z [Protected] PID 7156, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:22:04.849Z [Protected] PID 7176, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:22:11.421Z [Protected] PID 7668, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:13.385Z [Protected] PID 8052, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:20.880Z [Alert] Intruder, familyId=d04bc712-37df-4118-859b-8b46850e3d09, PID 8052, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:20.897Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102220894-26.xml
2018-07-04T10:22:20.907Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\33d5d6a3-cfbd-4418-99ea-286da967536e.json
2018-07-04T10:22:22.647Z [Alert] Intruder, familyId=952b7382-b689-4066-94e8-baacf921af00, PID 7668, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:22.653Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102222650-27.xml
2018-07-04T10:22:22.656Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d3f0111d-8116-4bde-b487-b97f78714d77.json
2018-07-04T10:22:25.484Z [Protected] PID 5692, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:26.017Z [Protected] PID 4532, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:27.211Z [Protected] PID 3012, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:27.594Z [Protected] PID 7788, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:27.766Z [Protected] PID 6936, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:28.470Z [Protected] PID 3124, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:28.784Z [Protected] PID 4656, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:28.970Z [Alert] Intruder, familyId=e13f5a3b-2033-42fb-814d-ae590a2c980d, PID 5692, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:28.974Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102228973-28.xml
2018-07-04T10:22:28.989Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\b3efdca2-502a-449c-8060-0f2cba36eb27.json
2018-07-04T10:22:29.553Z [Alert] Intruder, familyId=d2200a29-66cf-498e-86f1-dd1d96da7e86, PID 4532, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:29.595Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102229593-29.xml
2018-07-04T10:22:29.606Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\28ea4a09-a303-41aa-a1a3-12e474c3ad0b.json
2018-07-04T10:22:31.145Z [Protected] PID 8280, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:22:31.172Z [Alert] Intruder, familyId=55f08377-479a-4828-9a62-4e4458d57de2, PID 7788, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:31.176Z [Alert] Intruder, familyId=baef9362-9344-4d48-a6f5-cae99fba96a0, PID 3012, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:31.188Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102231187-30.xml
2018-07-04T10:22:31.202Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102231201-31.xml
2018-07-04T10:22:31.222Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\1f25f47c-2eae-46a4-bda9-f8c03cea2017.json
2018-07-04T10:22:31.226Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e3dadd05-06dd-4c4e-bbf1-3baac5559e06.json
2018-07-04T10:22:31.269Z [Protected] PID 8300, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:22:31.291Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102231
2018-07-04T10:22:31.295Z [Alert] Intruder, familyId=0c9a10d3-bb8e-4814-9b1e-73ffd63fd620, PID 6936, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:31.300Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102231298-32.xml
2018-07-04T10:22:31.313Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\f4281fe1-ba02-4b5a-8cd9-8cf875d5f4aa.json
2018-07-04T10:22:32.116Z [Alert] Intruder, familyId=4d85e798-a39f-4683-b818-f3f5059e9fcb, PID 3124, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:32.139Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102232137-33.xml
2018-07-04T10:22:32.257Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\541fa49f-cd7b-4377-9ebe-ae5d8e47a521.json
2018-07-04T10:22:32.284Z [Alert] Intruder, familyId=968c64db-8993-4209-9c25-f8267f9117cc, PID 4656, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:22:32.299Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102232297-34.xml
2018-07-04T10:22:32.386Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e907b2d5-c926-4570-ae43-ee94615ea9f5.json
2018-07-04T10:22:41.328Z [Protected] PID 8496, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:22:41.400Z [Protected] PID 8508, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:22:41.424Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102241
2018-07-04T10:25:54.545Z [Protected] PID 8812, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:25:54.806Z [Protected] PID 8852, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:26:01.074Z [Protected] PID 9012, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:27:33.446Z [Protected] PID 8016, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:27:33.482Z [Protected] PID 7272, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:27:41.963Z [Protected] PID 4780, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:27:49.873Z [Protected] PID 2524, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:50.515Z [Protected] PID 9128, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:51.435Z [Protected] PID 4244, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:52.172Z [Protected] PID 8380, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:53.092Z [Alert] Intruder, familyId=e1d74647-15bc-4fe6-9909-fa6640de2d31, PID 2524, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:53.095Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102753093-35.xml
2018-07-04T10:27:53.099Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\71d53096-5c99-4579-b87a-f9d172e00282.json
2018-07-04T10:27:53.825Z [Alert] Intruder, familyId=22eef432-298d-40f2-a778-6266f0c53959, PID 9128, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:53.827Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102753825-36.xml
2018-07-04T10:27:53.832Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e8314e76-3182-4ef5-be3f-b46ef68587e8.json
2018-07-04T10:27:54.583Z [Alert] Intruder, familyId=3b0f90e4-1ddb-4be4-88a4-d6a881ae0304, PID 4244, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:54.585Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102754583-37.xml
2018-07-04T10:27:54.593Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\221187b5-8f9b-4f88-9f17-eb5d48581456.json
2018-07-04T10:27:55.330Z [Alert] Intruder, familyId=300e71a9-ee24-4755-b5de-ca52dc44265a, PID 8380, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:27:55.332Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102755331-38.xml
2018-07-04T10:27:55.336Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\9bf8f146-b49f-4b62-832d-d9cfa6d643f0.json
2018-07-04T10:28:03.115Z [Protected] PID 2164, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:03.145Z [Protected] PID 8068, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:03.202Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102803
2018-07-04T10:28:14.469Z [Protected] PID 8480, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:14.577Z [Protected] PID 8500, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:14.603Z [Protected] PID 2432, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:15.180Z [Protected] PID 1056, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.507Z [Protected] PID 5720, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.573Z [Alert] Intruder, familyId=ee9760a1-2163-4b7f-9e3e-cacacad1b57c, PID 8500, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.683Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102818681-39.xml
2018-07-04T10:28:18.785Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\53950a77-f212-46a5-a2b5-20d239390d69.json
2018-07-04T10:28:18.795Z [Alert] Intruder, familyId=6be7d697-92c6-43ec-9bfe-4a67bc84e205, PID 1056, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.805Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102818804-40.xml
2018-07-04T10:28:18.867Z [Alert] Intruder, familyId=8bd57576-2395-45cf-b82e-7b1713def047, PID 2432, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:18.871Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\2b7ca15f-df2f-4371-8ede-bd9f8b9dc9f6.json
2018-07-04T10:28:18.940Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102818873-41.xml
2018-07-04T10:28:19.313Z [Alert] Intruder, familyId=3d91765c-4e0a-4644-85ef-451ac8c6aa1e, PID 8480, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:19.389Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\da3c8e15-241b-44fe-8341-6c1847c59a0d.json
2018-07-04T10:28:19.401Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102819345-42.xml
2018-07-04T10:28:19.404Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\c8e6b12e-211f-48f8-8b1d-7d6949dcfb6a.json
2018-07-04T10:28:20.297Z [Protected] PID 7212, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:20.438Z [Protected] PID 8784, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:21.468Z [Protected] PID 8404, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:22.063Z [Alert] Intruder, familyId=9c8a4551-ce9a-4179-b9ef-be2c973d28c5, PID 5720, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:22.152Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102822150-43.xml
2018-07-04T10:28:22.234Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\730d338f-e8d4-4029-9be1-a068d99d7aec.json
2018-07-04T10:28:24.852Z [Alert] Intruder, familyId=821d6a67-96b6-4c39-abdd-6a2b875cc3c4, PID 7212, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:24.916Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102824914-44.xml
2018-07-04T10:28:24.946Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d8a24c30-09db-43ce-93b4-da7c3748b566.json
2018-07-04T10:28:25.047Z [Alert] Intruder, familyId=7b15f519-d04f-4e86-9932-d0ca2254c802, PID 8784, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:25.052Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102825050-45.xml
2018-07-04T10:28:25.061Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d9e5a722-8f15-48f0-90c8-f3bed11ea1e6.json
2018-07-04T10:28:25.135Z [Alert] Intruder, familyId=e6fbcd55-4d2e-469e-9302-efffd9b3749c, PID 8404, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:25.156Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102825155-46.xml
2018-07-04T10:28:25.159Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\6aaef38a-b418-4fb6-a834-142512534a5f.json
2018-07-04T10:28:25.983Z [Protected] PID 9184, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:26.144Z [Protected] PID 8580, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:26.282Z [Protected] PID 7572, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:27.899Z [Protected] PID 7188, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:28.801Z [Protected] PID 8360, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:28.927Z [Protected] PID 7232, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:28.959Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102828
2018-07-04T10:28:29.179Z [Alert] Intruder, familyId=02074d47-4879-4211-857c-52f122a6d2be, PID 9184, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:29.184Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102829181-47.xml
2018-07-04T10:28:29.212Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\9e2c7316-9701-46c5-9941-8c414b3ab85d.json
2018-07-04T10:28:29.418Z [Alert] Intruder, familyId=21a12651-bdfd-47b2-ab86-8767a6616a7d, PID 8580, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:29.422Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102829420-48.xml
2018-07-04T10:28:29.431Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d72b6914-2b6d-4a52-8162-2efaa479d239.json
2018-07-04T10:28:29.936Z [Alert] Intruder, familyId=9a0a4c24-de2a-44c7-94a2-0b73441b269e, PID 7572, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:29.960Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102829959-49.xml
2018-07-04T10:28:29.964Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\43e2f41b-fd85-48af-bb0f-45a344cd7997.json
2018-07-04T10:28:31.088Z [Alert] Intruder, familyId=4b6c01b4-5602-4153-aec7-8f479205edcd, PID 7188, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:28:31.090Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102831089-50.xml
2018-07-04T10:28:31.094Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\05523917-eb9e-426b-9f18-1cdb9bbca7c5.json
2018-07-04T10:28:39.189Z [Protected] PID 4380, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:39.290Z [Protected] PID 8360, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:28:39.389Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704102839
2018-07-04T10:29:50.316Z [Protected] PID 9060, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:50.469Z [Protected] PID 3088, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:52.783Z [Protected] PID 8884, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.764Z [Alert] Intruder, familyId=480f60fe-615e-425f-9d1b-c6f6732ec795, PID 9060, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.765Z [Alert] Intruder, familyId=f19f0509-cf66-4f7e-8ff9-363243d32e55, PID 3088, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.767Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102953766-51.xml
2018-07-04T10:29:53.789Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102953776-52.xml
2018-07-04T10:29:53.791Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\1cf6ca25-57f2-4ee5-97ed-7d69bc2f2d60.json
2018-07-04T10:29:53.801Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\181aac4e-9e93-4517-a016-c993872c6700.json
2018-07-04T10:29:55.920Z [Alert] Intruder, familyId=f68794fe-894b-466b-b420-f318e2b4fa49, PID 8884, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:55.922Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102955921-53.xml
2018-07-04T10:29:55.927Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\82222b90-a02b-4ea5-ade2-1701cf140ea0.json
2018-07-04T10:29:58.309Z [Protected] PID 8396, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:58.542Z [Protected] PID 7924, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:02.040Z [Alert] Intruder, familyId=206bd9d3-c3c9-4eeb-ad91-f584b8601978, PID 8396, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:02.041Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103002040-54.xml
2018-07-04T10:30:02.043Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\3abf9780-1aec-4f57-a860-61d2a26de543.json
2018-07-04T10:30:03.484Z [Protected] PID 4396, Features 0000200000000004, C:\Windows\System32\wbem\WmiPrvSE.exe
2018-07-04T10:30:03.823Z [Protected] PID 8652, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:03.951Z [Protected] PID 8796, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:04.045Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103003
2018-07-04T10:30:05.918Z [Alert] Intruder, familyId=e8cd2f7b-408f-4537-9fa7-0925785c60f0, PID 7924, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:05.920Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103005918-55.xml
2018-07-04T10:30:05.979Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\1dfe602a-fee2-40f2-a4a0-d1d34ceb91a6.json
2018-07-04T10:30:06.051Z [Protected] PID 1264, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:06.735Z [Protected] PID 5412, Features 0000200000000004, C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
2018-07-04T10:30:09.328Z [Alert] Intruder, familyId=c2c322cd-8cec-4068-a3dd-5587ab8852d5, PID 1264, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:09.354Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103009352-56.xml
2018-07-04T10:30:09.367Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\5ab75013-3e89-428e-89b0-9f91b217a31f.json
2018-07-04T10:30:15.948Z [Protected] PID 5312, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:15.987Z [Protected] PID 8868, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:16.027Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103015
2018-07-04T10:31:17.466Z [Protected] PID 7648, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:31:24.140Z [Protected] PID 8452, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:31:41.390Z [Protected] PID 780, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:31:47.976Z [Protected] PID 8728, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:32:01.071Z [Protected] PID 3208, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:32:11.012Z [Protected] PID 8532, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:33:58.124Z [Protected] PID 3208, Features 0000200000000004, C:\Windows\System32\mmc.exe
2018-07-04T10:34:26.340Z [Protected] PID 8384, Features 000020000000000C, C:\Windows\System32\svchost.exe
2018-07-04T10:35:53.972Z [Protected] PID 8840, Features 0000200000000004, C:\Windows\System32\taskeng.exe
2018-07-04T10:35:54.401Z [Protected] PID 3012, Features 0000200000000004, C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
2018-07-04T10:36:03.438Z [Protected] PID 8788, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:37:26.291Z [Protected] PID 8684, Features 0000200000000004, C:\Windows\SysWOW64\SearchProtocolHost.exe
2018-07-04T10:37:26.340Z [Protected] PID 8432, Features 0000200000000004, C:\Windows\System32\SearchFilterHost.exe
2018-07-04T10:37:38.486Z [Protected] PID 6416, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:38:18.748Z [Protected] PID 5700, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:38:21.886Z [Alert] Intruder, familyId=c78caa01-6c0e-4d9f-bf79-e553cbb2e75d, PID 5700, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:38:21.891Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103821890-57.xml
2018-07-04T10:38:21.897Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\5d337d9c-7c0c-4b5e-b7e4-4e3fbb511a2d.json
2018-07-04T10:38:32.020Z [Protected] PID 6224, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:38:32.086Z [Protected] PID 1260, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:38:32.146Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103832
2018-07-04T10:39:34.475Z [Protected] PID 7720, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:39:37.636Z [Alert] Intruder, familyId=2d783253-2ebe-4b67-bb9e-c647df60df50, PID 7720, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:39:37.639Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103937638-58.xml
2018-07-04T10:39:37.642Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\91bff786-6b9a-48ec-85c6-88e4c6cd8d28.json
2018-07-04T10:39:47.676Z [Protected] PID 6616, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:39:47.919Z [Protected] PID 8932, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:39:47.952Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103947
2018-07-04T10:40:07.162Z [Protected] PID 6600, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:07.388Z [Protected] PID 8316, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:08.057Z [Protected] PID 7328, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:10.228Z [Protected] PID 8004, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:10.810Z [Alert] Intruder, familyId=bb62b2c4-d112-4945-a5b8-c4aa029d1007, PID 6600, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:10.812Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104010810-59.xml
2018-07-04T10:40:10.823Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e8519baa-559e-4c74-9198-8086ecb69cbf.json
2018-07-04T10:40:11.477Z [Protected] PID 3896, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:11.478Z [Alert] Intruder, familyId=191fc3ad-ac11-48c6-9c28-ddaef34db1ba, PID 7328, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:11.497Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104011495-60.xml
2018-07-04T10:40:11.535Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\d5be0fad-7eea-415c-a452-1a347ab74837.json
2018-07-04T10:40:11.924Z [Alert] Intruder, familyId=2d2f0032-46f7-4464-a20b-77cc30a9b05b, PID 8316, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:11.926Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104011925-61.xml
2018-07-04T10:40:11.930Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\ec78323f-ae27-4737-8b15-5e41be1b21a8.json
2018-07-04T10:40:14.845Z [Alert] Intruder, familyId=12b759ce-3d05-4222-9dc2-ff242f8adf1a, PID 3896, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:14.915Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104014913-62.xml
2018-07-04T10:40:14.986Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\a4ebbba9-3bc3-4d66-b96b-ab338109b1d0.json
2018-07-04T10:40:15.382Z [Alert] Intruder, familyId=eff74c81-0501-4420-a099-439004606500, PID 8004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:40:15.415Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704104015414-63.xml
2018-07-04T10:40:15.440Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\e527f841-5a37-49dc-ac64-88556fb6706a.json
2018-07-04T10:40:20.770Z [Protected] PID 6616, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:40:20.796Z [Protected] PID 8756, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:40:20.817Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704104020
2018-07-04T10:43:22.819Z [Protected] PID 9032, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:43:33.403Z [Protected] PID 3484, Features 0000200000000004, C:\Windows\System32\dllhost.exe
2018-07-04T10:43:49.832Z [Protected] PID 9072, Features 0000200000000004, C:\Windows\System32\notepad.exe
2018-07-04T10:43:50.506Z [Protected] PID 1488, Features 0000200000000004, C:\Windows\System32\dllhost.exe

 

I have checked the forum and see similar threads, but none seem to shed light on the issue.

I have checked and cannot see any sign of LanDesk or Trusteer Rapport being installed.

Any help greatly appreciated.



This thread was automatically locked due to age.
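The log above repeats one three-line pattern: hmpalert injects into a fresh chrome.exe ([Protected]), raises an Intruder alert for that PID a few seconds later ([Alert]), then writes an alert XML under HitmanPro.Alert\MCS and a Health event JSON for Sophos to pick up ([Sophos] dropped). The script below is an added example, not part of the original post and not Sophos or HitmanPro tooling: it correlates those lines per PID so you can see whether every protected Chrome instance alerts (which points at something resident on that one machine hooking the browser, the kind of thing the LanDesk and Trusteer Rapport questions in this thread are about) rather than a one-off, and which dropped files to hand to support. The sample lines are copied from the log above; the "systemic/intermittent/clean" labels are my own triage heuristic, and attaching dropped files to the most recent alert is an assumption about log ordering.

```python
"""Correlate HitmanPro.Alert (hmpalert) log lines: which protected processes
raised an Intruder alert, how long after injection, and which alert files
were dropped for Sophos.  Added example; not Sophos/HitmanPro code."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied from the hmpalert log excerpt above
# (same timestamps, PIDs and paths), trimmed to a representative slice.
SAMPLE_LOG = r"""
2018-07-04T10:29:50.316Z [Protected] PID 9060, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:50.469Z [Protected] PID 3088, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.764Z [Alert] Intruder, familyId=480f60fe-615e-425f-9d1b-c6f6732ec795, PID 9060, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.765Z [Alert] Intruder, familyId=f19f0509-cf66-4f7e-8ff9-363243d32e55, PID 3088, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:29:53.767Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102953766-51.xml
2018-07-04T10:29:53.789Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704102953776-52.xml
2018-07-04T10:30:03.484Z [Protected] PID 4396, Features 0000200000000004, C:\Windows\System32\wbem\WmiPrvSE.exe
2018-07-04T10:30:03.823Z [Protected] PID 8652, Features 0000200000000004, C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
2018-07-04T10:30:04.045Z [VerifyPolicy] success, C:\ProgramData\HitmanPro.Alert\policy_20180704103003
2018-07-04T10:30:06.051Z [Protected] PID 1264, Features 0000200000009004, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:09.328Z [Alert] Intruder, familyId=c2c322cd-8cec-4068-a3dd-5587ab8852d5, PID 1264, C:\Users\george\AppData\Local\Google\Chrome\Application\chrome.exe
2018-07-04T10:30:09.354Z [Sophos] dropped C:\ProgramData\HitmanPro.Alert\MCS\Alert-20180704103009352-56.xml
2018-07-04T10:30:09.367Z [Sophos] dropped C:\ProgramData\Sophos\Health\Event Store\Incoming\5ab75013-3e89-428e-89b0-9f91b217a31f.json
2018-07-04T10:31:17.466Z [Protected] PID 7648, Features 0000200000000004, C:\Windows\System32\dllhost.exe
"""

LINE_RE = re.compile(r"^(?P<ts>\S+Z) \[(?P<kind>\w+)\] (?P<rest>.*)$")
PROTECTED_RE = re.compile(r"^PID (?P<pid>\d+), Features (?P<features>[0-9A-Fa-f]{16}), (?P<image>.+)$")
ALERT_RE = re.compile(r"^Intruder, familyId=(?P<family>[0-9a-f-]{36}), PID (?P<pid>\d+), (?P<image>.+)$")
DROPPED_RE = re.compile(r"^dropped (?P<path>.+)$")


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")


def parse_log(text):
    """Turn raw hmpalert lines into event dicts, in file order; unknown lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m["kind"], m["rest"]
        ev = {"ts": parse_ts(m["ts"]), "kind": kind}
        if kind == "Protected" and (p := PROTECTED_RE.match(rest)):
            ev.update(pid=int(p["pid"]), features=int(p["features"], 16), image=p["image"])
        elif kind == "Alert" and (a := ALERT_RE.match(rest)):
            ev.update(pid=int(a["pid"]), family=a["family"], image=a["image"])
        elif kind == "Sophos" and (d := DROPPED_RE.match(rest)):
            ev.update(path=d["path"])
        else:
            ev.update(text=rest)  # VerifyPolicy and anything else: kept verbatim
        events.append(ev)
    return events


def _new_record(image, features=None, protected_at=None):
    return {"image": image, "features": features, "protected_at": protected_at,
            "alert_at": None, "family": None, "latency_s": None, "artifacts": []}


def correlate(events):
    """Pair each [Protected] PID with the [Alert] raised for it afterwards and
    attach the [Sophos] dropped files that immediately follow that alert
    (assumption: drops are logged right after their alert, as in the excerpt).
    Windows recycles PIDs, so a new [Protected] line starts a fresh record."""
    records, last_alert = {}, None
    for ev in events:
        if ev["kind"] == "Protected":
            records[ev["pid"]] = _new_record(ev["image"], ev["features"], ev["ts"])
            last_alert = None
        elif ev["kind"] == "Alert":
            rec = records.get(ev["pid"])
            if rec is None or rec["image"] != ev["image"]:
                rec = records[ev["pid"]] = _new_record(ev["image"])  # injection not in this log slice
            rec["alert_at"], rec["family"] = ev["ts"], ev["family"]
            if rec["protected_at"] is not None:
                rec["latency_s"] = (ev["ts"] - rec["protected_at"]).total_seconds()
            last_alert = rec
        elif ev["kind"] == "Sophos" and last_alert is not None:
            last_alert["artifacts"].append(ev["path"])
        else:
            last_alert = None
    return records


def summarize(records):
    """Per image: instances protected, instances alerted, worst injection-to-alert delay."""
    per_image = defaultdict(lambda: {"protected": 0, "alerted": 0, "max_latency_s": 0.0})
    for rec in records.values():
        s = per_image[rec["image"]]
        s["protected"] += rec["protected_at"] is not None
        if rec["alert_at"] is not None:
            s["alerted"] += 1
            s["max_latency_s"] = max(s["max_latency_s"], rec["latency_s"] or 0.0)
    return dict(per_image)


def verdict(entry):
    """Triage heuristic (mine, not HitmanPro's): if every protected instance of an
    image alerts seconds after start, something on the host is hooking that
    image (an agent such as the ones asked about above, or malware); a lone
    alert among many clean instances looks more like an in-session event."""
    p, a = entry["protected"], entry["alerted"]
    if a == 0:
        return "clean"
    if a >= p:
        return "systemic: every instance alerts"
    return f"intermittent: {a} of {p} instances alert"


if __name__ == "__main__":
    recs = correlate(parse_log(SAMPLE_LOG))
    for image, s in summarize(recs).items():
        print(f"{s['alerted']}/{s['protected']} alerted, worst {s['max_latency_s']:.3f}s, {verdict(s)}: {image}")
    for pid, r in recs.items():
        if r["artifacts"]:
            print(f"PID {pid} family {r['family']}: collect {', '.join(r['artifacts'])}")
```

Run it against the full hmpalert log instead of SAMPLE_LOG and the chrome.exe row will read as "systemic" with every alert carrying a different familyId; the MCS Alert-*.xml paths it lists are the files support will ask for.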
  • Hi and thanks for the response.

    As you can see from my post, the details in the error are slightly different, and we are not running LanDesk, which the advisory describes as the only customers involved.

    That all being said, it is indeed a very similar error and situation.

    Chris
