HMPA blocks all NirSoft software.
    Malware found: App/NirSoft-Gen
    G:\Downloads\WSCC - Windows System Control Center\NirSoft Utilities\ipnetinfo.exe
    Mitigation MalwareBlocked
    Platform 6.1.7601/x64 v765 06_1e
    PID 11968
    Application G:\Downloads\WSCC - Windows System Control Center\NirSoft Utilities\ipnetinfo.exe
    Description App/NirSoft-Gen
The cloud is flagging these tools. If you want them to launch, you need to disable the Realtime Antimalware Protection temporarily (as long as the Realtime Antimalware Protection is enabled, they will be blocked from launching).
Cool, when the trial runs out you still have passive protection (VM simulation), key encryption, bad USB protection, camera protection, and browser protection (it will tell you if the browser is suitable for banking, etc.).
HitmanPro.Alert 3.7.9 Build 767 Release Candidate 3
Changelog (compared to build 765)
Added
- Dynamic Shellcode Mitigation (Helps prevent threat actors from loading unsafe code into memory) protection can now be turned on/off - however the mitigation is still in detect only mode.
Improved
- Reduction of false-positives for DEP alerts in case of crashing applications.
- Reduction of false-positives for Code Cave alerts on .NET applications.
Fixed
- WipeGuard can now handle disks with other sector sizes than 512.
- CodeCave triggered falsely during process initialization.
Download
http://test.hitmanpro.com/hmpalert3b767.exe
We will also auto-update the current 765 beta users. Please let us know how this version runs on your endpoints!
No problem after auto-update to version 3.7.9 build 767 Release Candidate 3. Win10 Pro 1809 build 17763.55 x64/Emsisoft Anti-malware
Once again error 0 and unable to install. Had to uninstall HMP.A and perform a clean install instead. That's at least 3 releases in a row now...
WIN10-1809 system restore failed, so I had to uninstall HMP.A build 765 to make it work. After the successful restore, HMP.A updated to build 767. After the upgrade to build 767 I ran ESET Online Scanner, which caused an issue:
Report:
    Protokollname: Application
    Quelle: HitmanPro.Alert
    Datum: 01.11.2018 23:35:56
    Ereignis-ID: 911
    Aufgabenkategorie: Mitigation
    Ebene: Fehler
    Schlüsselwörter: Klassisch
    Benutzer: Nicht zutreffend
    Computer: HiltiPC
    Beschreibung:
    Mitigation Shellcode
    Platform 10.0.17763/x64 v767 06_3c
    PID 10900
    Feature 00170AB0000001A6
    Application C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe
    Description ESET Online Scanner 2.0.22
    Shellcode (HHP) (0x000F5000 bytes)
    CALLER is inside localAlloc mem
    Owner of CALLER: (anonymous; allocated by 58E977CB, esets_apiW_a.DLL) (anonymous; esets_apiW_a.DLL)+0x6968 Range (0x09460000 - 0x09555000)) (anonymous)+0x0
    Owner of BaseAddress: (0733696A) NO MODULE ASSIGNED
    Process Trace
    1 C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe [10900] "C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe" EULA
    2 C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe [11552]
    3 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [9900]
    4 C:\Windows\explorer.exe [7068]
    5 C:\Windows\System32\userinit.exe [7052]
    Thumbprint db5079f61b81c98e6d8ad4ca95d7da8d0039b61ca84f1831acb32a6450cba3b3
Running smooth here (Windows 7 Pro SP1 x64). Earlier problems with MS Office 2013 (Control-flow Integrity) were fixed after update of Emsisoft Anti-Malware or HMPA.
FP?
    Logboeknaam: Application
    Bron: HitmanPro.Alert
    Datum: 5-11-2018 17:40:17
    Gebeurtenis-id: 800
    Taakcategorie: Anti-Malware
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Malware found: Gen:Variant.Ulise.1616
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Mitigation MalwareBlocked
    Platform 10.0.17763/x64 v767 06_5e
    PID 13248
    Application C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Description Gen:Variant.Ulise.1616
    SHA256: f8638ae642ca4ee4a408e4d52e3e1c52d87423ee8e533bf1795a47303e1f9215
I am using build 767 with no problem. However, I am seeing an unsecured internet connection occurring periodically throughout the day: I have the Anti-Malware feature turned off. I can understand a one time license/update check a day but this is happening quite often. Is it possibly a feature of the beta process?
HitmanPro.Alert 3.7.9 Build 769 Release Candidate 4
Changelog (compared to build 767)
Improved
- Reduction of false-positives for Code Cave alerts.
Download
http://test.hitmanpro.com/hmpalert3b769.exe
We will also auto-update the current 767 RC users. Please let us know how this version runs on your endpoints! If this version has no major defects it will be promoted to the next stable release.
Updated here. Will report back after it has been running awhile. Edit: No problems so far with HMPA 3.7.9 769.