This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Safe Browsing detected browser Google Chrome has been compromised

Windows 7 Enterprise Version 6.1 (Build 7601: Service Pack 1)

Running Sophos Virus Removal Tool currently.

Endpoint Type:

Computer

OS:

Windows

User:

Removed Removed

Device:

WLABADM5
Ransomware:

family_id: b19e9c08-4aeb-42ce-93c8-f9a48e6ea8c0
mitigation: Intruder
process_version: 90
thumbprint: 288c28545c7167dc7eeefe5ba7d3d810ae6afd6eea54cf182c5be44cb1b269d6
type: Intruder
process_pid: 14180
version: 3.8.1.504
uid: bacce4c4-1054-f145-9c1b-162180bfe802
app_name: Google Chrome
process_alias_path: $programfiles\Google\Chrome\Application\chrome.exe
process_name: Google Chrome
details: Intruder

Platform 6.1.7601/x64 v504 06_3a
PID 14180
Enabled 007D2A3C1DBF9004
Silent 0020000000000100
Application C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Created 2017-11-30T06:00:52
Modified 2021-04-24T01:33:15
Description Google Chrome 90

Loaded Modules (128)
-----------------------------------------------------------------------------
00000000017C0000-00000000017D8000 C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\x64\nlutmgrhook_x64.dll (Nuance Communications, I),
version: 12.51.217.101
00000000017F0000-0000000001825000 C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\x64\dgniedct_x64.dll (Nuance Communications, I),
version: 12.51.217.101
0000000002A30000-0000000002A86000 C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\x64\dd10hook_x64.dll (Nuance Communications, I),
version: 12.51.217.101
0000000003B60000-0000000003C04000 C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXCrypt64.dll (Imprivata, Inc.),
version: 5,3,103,24
0000000004FF0000-0000000005024000 C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\x64\dd10axa_x64.dll (Nuance Communications, I),
version: 12.51.217.101
000000005FA20000-000000005FA27000 C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXHookInit64.dll (Imprivata, Inc.),
version: 5,3,103,24
0000000060620000-000000006069B000 C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXComm64.dll (Imprivata, Inc.),
version: 5,3,103,24
00000000606A0000-000000006074C000 C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXHook64.dll (Imprivata, Inc.),
version: 5,3,103,24
0000000072350000-000000007238F000 C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXSendKeys64.dll (Imprivata, Inc.),
version: 5,3,103,24
0000000073C10000-0000000073CE2000 C:\WINDOWS\system32\MSVCR100.dll (Microsoft Corporation),
version: 10.00.40219.325
0000000073CF0000-0000000073D88000 C:\WINDOWS\system32\MSVCP100.dll (Microsoft Corporation),
version: 10.00.40219.325
0000000073D90000-0000000073F2C000 C:\Program Files (x86)\Imprivata\OneSign Agent\x64\ISXUtils64.dll (Imprivata, Inc.),
version: 5,3,103,24
0000000074350000-0000000074356000 C:\WINDOWS\system32\ksuser.dll (Microsoft Corporation),
version: 6.1.7601.19091 (win7sp1_gdr.151208-0600)
0000000074360000-0000000074413000 C:\Program Files (x86)\Imprivata\OneSign Agent\x64\isxtrace_dll64.dll (Imprivata, Inc.),
version: 5,3,103,24
0000000076D50000-0000000076E4A000 C:\WINDOWS\system32\USER32.dll (Microsoft Corporation),
version: 6.1.7601.23594 (win7sp1_ldr.161110-0600)
0000000076E50000-0000000076F6F000 C:\Windows\System32\kernel32.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
0000000076F70000-000000007710F000 C:\Windows\System32\ntdll.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
0000000077120000-0000000077127000 C:\WINDOWS\system32\PSAPI.DLL (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000000013FE40000-0000000140099000 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC),
version: 90.0.4430.93
000007FECC7B0000-000007FED6E4A000 C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\chrome.dll (Google LLC),
version: 90.0.4430.93
000007FED8C00000-000007FED902A000 C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_filter_64.dll (Sophos Limited),
version: 3.8.2.21
000007FED9550000-000007FED9941000 C:\WINDOWS\system32\mf.dll (Microsoft Corporation),
version: 12.0.7601.24382 (win7sp1_ldr.190210-0600
000007FED9EC0000-000007FED9F7A000 C:\WINDOWS\system32\UIAutomationCore.DLL (Microsoft Corporation),
version: 7.0.0.0 (win7_rtm.090713-1255)
000007FED9FB0000-000007FEDA114000 C:\WINDOWS\System32\Speech\Common\sapi.dll (Microsoft Corporation),
version: 5.3.13120.00 (win7sp1_rtm.101119-1850)
000007FEDA380000-000007FEDA4A8000 C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\chrome_elf.dll (Google LLC),
version: 90.0.4430.93
000007FEDA4F0000-000007FEDA532000 C:\WINDOWS\system32\mfreadwrite.dll (Microsoft Corporation),
version: 12.0.7601.17514 (win7sp1_rtm.101119-1850
000007FEDF5C0000-000007FEDF5E0000 C:\WINDOWS\system32\wlanapi.dll (Microsoft Corporation),
version: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
000007FEDFB10000-000007FEDFBAC000 C:\WINDOWS\system32\mscms.dll (Microsoft Corporation),
version: 6.1.7601.23971 (win7sp1_ldr.171205-0600)
000007FEDFF00000-000007FEE0097000 C:\WINDOWS\system32\DWrite.dll (Microsoft Corporation),
version: 6.2.9200.22164 (win8_ldr.170506-0600)
000007FEE0690000-000007FEE0745000 C:\WINDOWS\system32\bthprops.cpl (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEE6650000-000007FEE681B000 C:\WINDOWS\system32\explorerframe.dll (Microsoft Corporation),
version: 6.1.7601.24234 (win7sp1_ldr.180813-0600)
000007FEE8D80000-000007FEE8DEF000 C:\WINDOWS\System32\Wpc.dll (Microsoft Corporation),
version: 1.0.0.1
000007FEE9430000-000007FEE9514000 C:\WINDOWS\system32\spool\DRIVERS\x64\3\mxdwdrv.dll (Microsoft Corporation),
version: 6.2.9200.20562 (win8_ldr.121114-1705)
000007FEE9520000-000007FEE96F5000 C:\WINDOWS\system32\spool\DRIVERS\x64\3\hpb6sy2917_x64gui.dll (HP),
version: 13.2.0.639
000007FEEC130000-000007FEEC19D000 C:\WINDOWS\system32\MFPlat.DLL (Microsoft Corporation),
version: 12.0.7601.24382 (win7sp1_ldr.190210-0600
000007FEEC6F0000-000007FEEC6F7000 C:\WINDOWS\system32\wlanutil.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEEDBB0000-000007FEEDBF7000 C:\WINDOWS\System32\WDSCORE.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEF82E0000-000007FEF8405000 C:\WINDOWS\system32\dbghelp.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEF85A0000-000007FEF85A9000 C:\WINDOWS\system32\SensApi.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEF8660000-000007FEF8672000 C:\WINDOWS\system32\SPOOLSS.DLL (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEF8990000-000007FEF8A01000 C:\WINDOWS\system32\WINSPOOL.DRV (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEF91D0000-000007FEF91F7000 C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation),
version: 6.1.7601.24382 (win7sp1_ldr.190210-0600)
000007FEF9B50000-000007FEF9B68000 C:\WINDOWS\system32\dhcpcsvc.DLL (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEF9BD0000-000007FEF9BE1000 C:\WINDOWS\system32\dhcpcsvc6.DLL (Microsoft Corporation),
version: 6.1.7601.17970 (win7sp1_gdr.121009-0412)
000007FEF9DA0000-000007FEF9DBD000 C:\WINDOWS\system32\SAMLIB.dll (Microsoft Corporation),
version: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
000007FEF9FE0000-000007FEFA034000 C:\WINDOWS\system32\OLEACC.dll (Microsoft Corporation),
version: 7.0.0.0 (win7sp1_gdr.110826-1504)
000007FEFA040000-000007FEFA047000 C:\WINDOWS\system32\MSIMG32.dll (Microsoft Corporation),
version: 6.1.7601.24356 (win7sp1_ldr_escrow.19011
000007FEFA120000-000007FEFA134000 C:\WINDOWS\system32\SAMCLI.DLL (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFA140000-000007FEFA1A5000 C:\WINDOWS\system32\webio.dll (Microsoft Corporation),
version: 6.1.7601.23375 (win7sp1_ldr.160309-0600)
000007FEFA1B0000-000007FEFA221000 C:\WINDOWS\system32\WINHTTP.dll (Microsoft Corporation),
version: 6.1.7601.24000 (win7sp1_ldr.171231-1547)
000007FEFA290000-000007FEFA2C0000 C:\WINDOWS\System32\SensorsApi.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA2C0000-000007FEFA2CF000 C:\Windows\system32\qmgrprxy.dll (Microsoft Corporation),
version: 7.5.7600.16385 (win7_rtm.090713-1255)
000007FEFA3B0000-000007FEFA3DA000 C:\WINDOWS\system32\t2embed.dll (Microsoft Corporation),
version: 6.1.7601.24280 (win7sp1_ldr.181006-0600)
000007FEFA410000-000007FEFA41D000 C:\WINDOWS\system32\msdmo.dll (Microsoft Corporation),
version: 6.6.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFA6C0000-000007FEFA6D8000 C:\WINDOWS\system32\MSACM32.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA6F0000-000007FEFA725000 C:\WINDOWS\system32\XmlLite.dll (Microsoft Corporation),
version: 1.3.1001.0
000007FEFA730000-000007FEFA748000 C:\WINDOWS\system32\dwmapi.dll (Microsoft Corporation),
version: 6.1.7601.18917 (win7sp1_gdr.150709-0600)
000007FEFA7A0000-000007FEFA7B1000 C:\WINDOWS\system32\WTSAPI32.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA7D0000-000007FEFA7DB000 C:\WINDOWS\System32\slc.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA8A0000-000007FEFA8B5000 C:\WINDOWS\system32\NLAapi.dll (Microsoft Corporation),
version: 6.1.7601.24000 (win7sp1_ldr.171231-1547)
000007FEFA8C0000-000007FEFA8FB000 C:\WINDOWS\system32\WINMM.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFA970000-000007FEFA985000 C:\WINDOWS\system32\wkscli.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFA9A0000-000007FEFA9E3000 C:\WINDOWS\system32\DUser.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFAAC0000-000007FEFABB2000 C:\WINDOWS\system32\DUI70.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFABC0000-000007FEFABD6000 C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation),
version: 6.1.7601.17887 (win7sp1_gdr.120704-0720)
000007FEFABE0000-000007FEFABF9000 C:\WINDOWS\system32\ATL.DLL (Microsoft Corporation),
version: 3.05.2284
000007FEFAC40000-000007FEFAE59000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24356_none_145a86628b9132a0\gdiplus.dll (Microsoft Corporation),
version: 6.1.7601.24356 (win7sp1_ldr_escrow.19011
000007FEFAE60000-000007FEFAF8C000 C:\WINDOWS\System32\PROPSYS.dll (Microsoft Corporation),
version: 7.00.7601.17514 (win7sp1_rtm.101119-1850
000007FEFAF90000-000007FEFAFDB000 C:\WINDOWS\System32\MMDevApi.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFAFE0000-000007FEFAFE9000 C:\WINDOWS\system32\AVRT.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFB220000-000007FEFB276000 C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFB280000-000007FEFB474000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\Comctl32.dll (Microsoft Corporation),
version: 6.10 (win7sp1_gdr.150424-0604)
000007FEFB590000-000007FEFB5B7000 C:\WINDOWS\system32\IPHLPAPI.DLL (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFB940000-000007FEFB9FB000 C:\Windows\system32\FirewallAPI.dll (Microsoft Corporation),
version: 6.1.7601.24231 (win7sp1_ldr.180810-0600)
000007FEFBA00000-000007FEFBA07000 C:\WINDOWS\System32\wshtcpip.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFBA10000-000007FEFBA1B000 C:\WINDOWS\system32\WINNSI.DLL (Microsoft Corporation),
version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFBA20000-000007FEFBA51000 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited),
version: 3.8.2.21
000007FEFBB10000-000007FEFBB3D000 C:\WINDOWS\system32\ntmarta.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFBBA0000-000007FEFBBAC000 C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFBBB0000-000007FEFBBBD000 C:\WINDOWS\system32\pcwum.DLL (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFBBF0000-000007FEFBC0B000 C:\WINDOWS\system32\GPAPI.dll (Microsoft Corporation),
version: 6.1.7601.23452 (win7sp1_ldr.160512-0600)
000007FEFBD70000-000007FEFBD7C000 C:\WINDOWS\system32\netutils.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFBDF0000-000007FEFBE37000 C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFC090000-000007FEFC0E5000 C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation),
version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFC0F0000-000007FEFC108000 C:\WINDOWS\system32\CRYPTSP.dll (Microsoft Corporation),
version: 6.1.7601.24382 (win7sp1_ldr.190210-0600)
000007FEFC200000-000007FEFC24C000 C:\WINDOWS\system32\bcryptprimitives.dll (Microsoft Corporation),
version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFC290000-000007FEFC2B2000 C:\WINDOWS\system32\bcrypt.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
000007FEFC2C0000-000007FEFC310000 C:\WINDOWS\system32\ncrypt.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
000007FEFC350000-000007FEFC3BD000 C:\WINDOWS\System32\wevtapi.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFC3E0000-000007FEFC403000 C:\WINDOWS\system32\srvcli.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFC550000-000007FEFC55B000 C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
000007FEFC720000-000007FEFC745000 C:\WINDOWS\system32\SSPICLI.DLL (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
000007FEFC750000-000007FEFC75F000 C:\WINDOWS\system32\cryptbase.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
000007FEFC760000-000007FEFC7B7000 C:\WINDOWS\system32\apphelp.dll (Microsoft Corporation),
version: 6.1.7601.19050 (win7sp1_gdr.151029-0600)
000007FEFC7C0000-000007FEFC7D4000 C:\WINDOWS\system32\RpcRtRemote.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFC7E0000-000007FEFC7E3000 C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.DLL (Microsoft Corporation),
version: 10.0.14393.2630 (rs1_release_1.181010-18
000007FEFC7F0000-000007FEFC881000 C:\WINDOWS\system32\SXS.DLL (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFC890000-000007FEFC8CE000 C:\WINDOWS\system32\SophosAV\SOPHOS~1.DLL (Sophos Limited),
version: 10.8.10.810
000007FEFC8D0000-000007FEFC90D000 C:\WINDOWS\system32\WINSTA.dll (Microsoft Corporation),
version: 6.1.7601.18540 (win7sp1_gdr.140716-1508)
000007FEFC910000-000007FEFCA29000 C:\Windows\System32\hmpalert.dll (SurfRight B.V.),
version: 3.8.1.496
000007FEFCAC0000-000007FEFCACF000 C:\WINDOWS\system32\MSASN1.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFCAD0000-000007FEFCADF000 C:\WINDOWS\system32\profapi.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFCAE0000-000007FEFCC4D000 C:\WINDOWS\system32\CRYPT32.dll (Microsoft Corporation),
version: 6.1.7601.24382 (win7sp1_ldr.190210-0600)
000007FEFCD00000-000007FEFCD6A000 C:\Windows\System32\KernelBase.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
000007FEFCD80000-000007FEFCD85000 C:\WINDOWS\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll (Microsoft Corporation),
version: 6.2.9200.16492 (win8_gdr_oobssr.130113-0
000007FEFCD90000-000007FEFCDAE000 C:\WINDOWS\system32\USERENV.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFCDE0000-000007FEFCE16000 C:\WINDOWS\system32\CFGMGR32.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFCE20000-000007FEFCE3A000 C:\WINDOWS\system32\DEVOBJ.dll (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFCE40000-000007FEFCE7B000 C:\WINDOWS\system32\WINTRUST.dll (Microsoft Corporation),
version: 6.1.7601.24382 (win7sp1_ldr.190210-0600)
000007FEFCE80000-000007FEFCEAE000 C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation),
version: 6.1.7600.16385 (win7_rtm.090713-1255)
000007FEFCEB0000-000007FEFCF4F000 C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation),
version: 7.0.7601.17744 (win7sp1_gdr.111215-1535)
000007FEFCF50000-000007FEFD14F000 C:\WINDOWS\system32\ole32.dll (Microsoft Corporation),
version: 6.1.7601.24335 (win7sp1_ldr_escrow.18122
000007FEFD1D0000-000007FEFD1EF000 C:\WINDOWS\SYSTEM32\sechost.dll (Microsoft Corporation),
version: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
000007FEFD650000-000007FEFD6C1000 C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFDB80000-000007FEFDB88000 C:\WINDOWS\system32\NSI.dll (Microsoft Corporation),
version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFDB90000-000007FEFDCBC000 C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
000007FEFDCC0000-000007FEFDD27000 C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation),
version: 6.1.7601.24308 (win7sp1_ldr.181111-0600)
000007FEFDD30000-000007FEFDDC9000 C:\WINDOWS\system32\CLBCatQ.DLL (Microsoft Corporation),
version: 2001.12.8530.16385 (win7_rtm.090713-1255
000007FEFDDD0000-000007FEFDE9B000 C:\WINDOWS\system32\USP10.dll (Microsoft Corporation),
version: 1.0626.7601.23894 (win7sp1_ldr.170816-06
000007FEFDEA0000-000007FEFDF7B000 C:\WINDOWS\system32\ADVAPI32.dll (Microsoft Corporation),
version: 6.1.7601.24384 (win7sp1_ldr_escrow.19022
000007FEFDF80000-000007FEFDFCD000 C:\WINDOWS\system32\WS2_32.dll (Microsoft Corporation),
version: 6.1.7601.23451 (win7sp1_ldr.160511-0600)
000007FEFDFD0000-000007FEFE022000 C:\WINDOWS\system32\WLDAP32.dll (Microsoft Corporation),
version: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
000007FEFE0D0000-000007FEFE0DE000 C:\WINDOWS\system32\LPK.dll (Microsoft Corporation),
version: 6.1.7601.24280 (win7sp1_ldr.181006-0600)
000007FEFE0E0000-000007FEFE1BA000 C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation),
version: 6.1.7601.24335
000007FEFE1C0000-000007FEFE2C9000 C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation),
version: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
000007FEFE2D0000-000007FEFE4A7000 C:\WINDOWS\system32\SETUPAPI.dll (Microsoft Corporation),
version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
000007FEFE4B0000-000007FEFE4C9000 C:\WINDOWS\system32\imagehlp.dll (Microsoft Corporation),
version: 6.1.7601.18288 (win7sp1_gdr.131018-1533)
000007FEFE4D0000-000007FEFF25A000 C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation),
version: 6.1.7601.24234 (win7sp1_ldr.180813-0600)

Thumbprint
288c28545c7167dc7eeefe5ba7d3d810ae6afd6eea54cf182c5be44cb1b269d6
Backwards compatible thumbprint (V1)
b4fd4d7991604623ae55a0f5837048eaa437d3885b2817db82509fd34285e7a4
Backwards compatible thumbprint (V2)
288c28545c7167dc7eeefe5ba7d3d810ae6afd6eea54cf182c5be44cb1b269d6
Backwards compatible thumbprint (V3)
288c28545c7167dc7eeefe5ba7d3d810ae6afd6eea54cf182c5be44cb1b269d6
process_path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

This thread was automatically locked due to age.

0 Drew Livengood 5 months ago

The removal tool and a full scan found nothing, can I safely place this device back on the domain?
Cancel
Up 0 Down

Cancel
0 Yashraj 4 months ago in reply to Drew Livengood

Hi Drew Livengood,

Thanks for reaching out to us on Sophos Community. I had a few questions that would help me get a clearer picture as I can't make out much from the information you've posted. First, can you please confirm which Sophos product you’re using? Second, has this alert popped up again in your environment? Third, has the Windows 7 device been updated with the latest security patches?

Yashraj Singha
Team Lead | Global Support Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Up 0 Down

Cancel
0 Drew Livengood 4 months ago in reply to Yashraj

Thank you for the reply. Our hospital uses Sophos Central, this PC is now Windows 7 (ver. 6.1 Build 7601 Service Pack 1) with the following Core Agent 2.18.2
Sophos Intercept X 2.0.20
Endpoint Protection 10.8.10.3

Patched as much as possible, we are struggling to get all PC's to Win 10.

No further alerts for this in Sophos Central or locally.

Thank you.
Cancel
Up 0 Down

Cancel