Safe Browsing detected browser Firefox has been compromised

Hi Sophos 

From this alert, please advise on the steps and how to solve this case.

RAW LOG

Intruder

Platform     6.1.7601/x86 v37 06_3c
PID          111064
Enabled      005D2E3C1DBF9104
Silent       0000000000000100
Application  C:\Program Files\Mozilla Firefox\firefox.exe
Created      2017-11-10T03:37:09
Modified     2017-11-10T03:37:16
Description  Firefox 43.0.1


Loaded Modules (111)

Thumbprint
99e1bfb83a40f8c6d9ad6e8c37bd24b80f3a8ef4776a8f161e728764c7ad7be2
Backwards compatible thumbprint (V1)
2968a5ef6c527b6f7ed3f713efc1d422f5001880e2838355abdcc325b00da9cd
Backwards compatible thumbprint (V2)
7fafddec969709b53a48a1d386000b717763b8787e7b4455aa4aab67e50637be
Backwards compatible thumbprint (V3)
99e1bfb83a40f8c6d9ad6e8c37bd24b80f3a8ef4776a8f161e728764c7ad7be2


Added TAGs
[edited by: Qoosh at 11:22 PM (GMT -7) on 4 Jul 2022]