HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. emil emil

    emil emil Registered Member

    Joined:
    May 5, 2016
    Posts:
    28
    HMPA block all nirsoft softwares
    Malware found:
    App/NirSoft-Gen
    G:\Downloads\WSCC - Windows System Control Center\NirSoft Utilities\ipnetinfo.exe
    Mitigation MalwareBlocked

    Platform 6.1.7601/x64 v765 06_1e
    PID 11968
    Application G:\Downloads\WSCC - Windows System Control Center\NirSoft Utilities\ipnetinfo.exe
    Description App/NirSoft-Gen
     
  2. guest

    guest Guest

    The cloud is flagging these tools. If you want them to launch you need to disable the Realtime Antimalware Protection temporarily (=as long as the Realtime Antimalware Protection it is enabled, they will be blocked from launching)
     
  3. emil emil

    emil emil Registered Member

    Joined:
    May 5, 2016
    Posts:
    28
    Thanks , anyway for exclusion with Realtime Antimalware Protection enabled ?
     
  4. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    No. Broken as Desiged. My take on this
     
    Last edited: Oct 21, 2018
  5. guest

    guest Guest

    They had planned to implement it some time ago, but i guess it isn't on their roadmap anymore :)
     
  6. lucidstorm

    lucidstorm Registered Member

    Joined:
    Aug 12, 2018
    Posts:
    41
    Location:
    Poland
    cool when trial runs out you still have passive protection (VM simulation), key encryption, bad usb protection, camera protection, browser protection (will tell you if browser is suitable for banking ect).
     
  7. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HitmanPro.Alert 3.7.9 Build 767 Release Candidate 3

    Changelog (compared to build 765)

    Added
    • Dynamic Shellcode Mitigation (Helps prevent threat actors from loading unsafe code into memory) protection can now be turned on/off - however the mitigation is still in detect only mode.
    Improved
    • Reduction of false-positives for DEP alerts in case of crashing applications.
    • Reduction of false-positives for Code Cave alerts on .NET applications.
    Fixed
    • WipeGuard can now handle disks with other sector sizes than 512.
    • CodeCave triggered falsely during process initialization.
    Download
    http://test.hitmanpro.com/hmpalert3b767.exe

    We will also auto-update the current 765 beta users.
    Please let us know how this version runs on your endpoints! :thumb:
     
    Last edited: Nov 1, 2018
  8. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problem upgrading build 767 RC3.

    Win10 1809 build 17763.55 x64/Norton Security v22.16.0.247
     
  9. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    No problem na auto-update to Versie 3.7.9 build 767 Release Candidate 3

    Win10 Pro 1809 build 17763.55 x64/Emsisoft Anti-malware
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    I upgraded to RC 767 on Win 7. Smooth upgrade and running fine.

    Thanks guys
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Smooth upgrade here as well.
     
  12. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Once again error 0 and unable to install. Had to uninstall HMP.A and perform a clean install instead.

    That's at least 3 releases in a row now...
     
  13. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    WIN10-1809 system restore failed, so i had to uninstall HMP.A build 765, to make it work.
    After successful restore HMP.A updated to build 767.

    After Upgrade to build 767 I ran ESET online scanner, that caused an issue:
    Protokollname: Application
    Quelle: HitmanPro.Alert
    Datum: 01.11.2018 23:35:56
    Ereignis-ID: 911
    Aufgabenkategorie:Mitigation
    Ebene: Fehler
    Schlüsselwörter:Klassisch
    Benutzer: Nicht zutreffend
    Computer: HiltiPC
    Beschreibung:
    Mitigation Shellcode

    Platform 10.0.17763/x64 v767 06_3c
    PID 10900
    Feature 00170AB0000001A6
    Application C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe
    Description ESET Online Scanner 2.0.22

    Shellcode (HHP) (0x000F5000 bytes)
    CALLER is inside localAlloc mem
    Owner of CALLER: (anonymous; allocated by 58E977CB, esets_apiW_a.DLL)
    (anonymous; esets_apiW_a.DLL)+0x6968
    Range (0x09460000 - 0x09555000))
    (anonymous)+0x0
    Owner of BaseAddress: (0733696A) NO MODULE ASSIGNED


    07336968 ffd6 CALL ESI
    0733696A 85c0 TEST EAX, EAX
    0733696C 7454 JZ 0x73369c2
    0733696E 031f ADD EBX, [EDI]
    07336970 8b4704 MOV EAX, [EDI+0x4]
    07336973 85c0 TEST EAX, EAX
    07336975 741f JZ 0x7336996
    07336977 8b3510933407 MOV ESI, [0x7349310]
    0733697D 8d4dfc LEA ECX, [EBP-0x4]
    07336980 51 PUSH ECX
    07336981 6a02 PUSH 0x2
    07336983 50 PUSH EAX
    07336984 53 PUSH EBX
    07336985 8bce MOV ECX, ESI
    07336987 ff1500403407 CALL DWORD [0x7344000]
    0733698D ffd6 CALL ESI

    ----- SNIP HERE -----
    AAELAQBgMwdoaTMHAGAzBwDgAADCBADMzMzMzMzMzMxVi+yD7EyLRQxTVleLAIvZM/+JXfgz9sdF8AAAAADHRewAAAAAhcB1DrhwFwAAX15bi+VdwhAAweAEUIlF5OjNrQAAg8QEiUXYhcB1DrhaGwAAX15bi+VdwhAA/3XkagBQ6MLWAACLRRCDxAwDReSLVdiJRdyLRQyJVcyJdbg5MA+GaAMAADP2iXXI6wONSQCLSDCLBDEDzokCi0XcK0UQiU28i0kIiUoEiUIIjTRJweYDVol10OhVrQAAg8QEiUX0hcAPhB4DAABWagBQ6FbWAACLRbyDxAwDddyJdejHRcQAAAAAg3gIAA+GXgIAAItN9IPBBDPSiU3giVXAjUkAi3AMA/LGRf8Ai1YYhdIPhJQAAACDfjAAdR2LRQwzyTiLgAIAAA+VwQ+2QBQ7wXUHi1YQxkX/AVLo06wAAIvYg8QEiV3whdsPhJoCAACLTfiLVQyDwQSAff8AdB6LRhQDQgxQ/3YQU+j05f//hcB0NbtwFwAA6eYCAACAehQBU/92HA+UwP92GA+2wP92EFCLRhQDQgxQ6LXm//+L2IXbD4W7AgAAi134i0YwhcB0SFDoW6wAAIPEBIlF7IXAD4QkAgAAi00MUP92NP92MIB5KAH/digPlMAPtsBQi0YsA0EgjYs4AQAAUOhj5v//i9iF2w+FaQIAAItd7IXbdQ2LffAzyYl91IlN8Otli0YIOwMPhVr///9Q6PSrAACL+IPEBIl91IX/D4S7AQAA/3YIi1YYV/92MFOLXfCLy+jf5v///3XsiUW06PSrAACDxBSF23QJU+jnqwAAg8QEi0W0M8mJTfCJTew7RggPhWoBAACLVeCLBotd6IlC/ItGCIkCi8MrRRCAff8AiUIEi0YIiUIIdC6LThBqAP91FIkKi0YcU1GLTfhXiUIM6CH2//+L2IX/dFtX6IWrAACDxAQz/+tOi14Ig8j/M9KF23Qai/8Ptgw6QjPIwegID7bJMwSNwEk0BzvTcuiLTeD30FGJQQyNRdSLTfhQ/3UUD7aBgAIAAFD/dejo1fb//4t91IvYhdsPhUgBAACLTeCLVcCLXfiDwjyJVcCLAYPBGIlGCIt16APwiU3gi03Ei0W8QYl16IlNxDtICA+Cs/3//4tF0IPJ/zPShcB0KIt19IvYi/8PtgQyQjPBwekID7bAMwyFwEk0BzvTcuiLdeiLXfiLRdCLVcz30WoA/3UU/3XciUoMi8tQ/3X06DT1//+L2IXbD4W6AAAA/3X06JKqAACLTbiDxASLRQxBi1XMg0XIEIPCEItd+Il13IlVzIlNuDsIcxyLdcjptvz//7twFwAAiU3siU3w63m7WhsAAOtyK3UQM9KJcASDyf+LdQjHBgEAAAA5VeR2Kotd5It12I1JAA+2BDJCM8HB6QgPtsAzDIXASTQHO9Ny6It1CItd+ItFDGoA/3UU99H/dRCJTgiLy/915IsA/3XYiUYE6ID0//+L2MdF9AAAAACF23UDiV30/3XY6NipAACDxAT/dfTozakAAIPEBP918OjCqQAAg8QE/3Xs6LepAACDxARX6K6pAACDxASLw19eW4vlXcIQAFWL7FaLdQiLRjCFwHRCUzPbOR52Jlcz/+sGjZsAAAAAi0Yw/3QHDOh0qQAAQ41/EIPEBDsecumLRjBfW4XAdBBQ6FqpAACDxATHRjAAAAAAajRqAFboLtIAAIPEDF5dwgQAzMzMzMzMzMzMzMzMzMxVi+yLRQiDeAgAdByLTQyDeQgAdA6LAIsJO8FyBncJM8Bdw4PI/13DuAEAAABdw8xVi+xRU1aLdQgz21eLBoXAdF8zyYlN/OsHjaQkAAAAAIt+MAP5aDBlMwdqPP93CP93DOjpsQAAi1cIg8QQM8mF0nQbi0cMg8AIjaQkAAAAAIM4AHQBQYPAPIPqAXXyiU8IQ4tN/IsGg8EQiU38O9hyr2gwZTMHahBQ/3Yw6J+xAAAzyYPEEDP/iU38OQ52KTPbi0Ywg3wDCAB2BkGJTfzrD/90AwzoVqgAAItN/IPEBEeDwxA7PnLZX4kOXluL5V3CBADMzMzMzMzMzMzMzMzMVYvsg+T4g+wcU1aLNTyTNAeLwYlUJCCJRCQMx0QkEHAXAABXhfZ0J41MJBhRUGoIi87/FQBANAf/1oPEDIXAdQ6LRCQci3QkGIlEJBzrB4PO/4l0JByF9nUMuHAXAABfXluL5V3DgH0MAHQNgf4AEAAAdgW+ABAAAFbogacAAIv4g8QEhf91DLhzFwAAX15bi+Vdw4sdPJM0B4XbD4S8AAAAjUQkGIvLUGoAagBqAP90JCBqBv8VAEA0B//Tg8QYhcAPhZYAAACLRCQYI0QkHIP4/w+EhQAAAIsdPJM0B4XbdCiNRCQYi8tQav9q/1ZX/3QkJGoE/xUAQDQH/9ODxByFwHUGi0QkGOsDg8j/O8Z1TItdDI1EJBhTUI1EJBjHRCQgAAAAAFCL1ovP6E8tAACDxAyA+wF1CYP4AXUEi8frCIXAdRiLRCQQi0wkJIXJdAQrx4kBx0QkFAAAAABX6MymAACLRCQYg8QEX15bi+Vdw8zMzMzMzMzMzMzMzMzMVYvsg+wIgz0UkzQHAFNWV4v5i/KJffx1TYsdPJM0BzP2iXX8hdt0Ko1F/IvLUP91CFJXag3/FQBANAf/04t1/IPEFPfYG8D30F8jxl5bi+Vdw7hnGwAA99hfG8D30CPGXluL5V3Diw0gkzQHhckPhNEAAAAz0ovH9/GF0g+FwwAAAIvG9/GF0g+FtwAAAItFCPfxhdIPhaoAAABqEOjepQAAi9iDxASF2w+ElgAAAItF/ItNCAPGA8GJO4lLCDP/i00MiXMEiUX4O8h2Ios1HJM0B2oBaAAgAABRV4vO/xUAQDQH/9aL+IX/dFCLRfiLNRyTNAeLzmoEaAAQAABQV/8VAEA0B//WiUMMhcB0EYX/dAQ7+HUJX16Lw1uL5V3Dhf90GIs1GJM0B4vOaACAAABqAFf/FQBANAf/1lPobqUAAIPEBF9eM8Bbi+Vdw8zMVYvsUYM9FJM0BwBWV4v5dTOLNTyTNAeF9nQaV2oPi87/FQBANAf/1oPECPfYG8BfXovlXcO4ZxsAAPfYXxvAXovlXcNThf90eYsHi18MhcB0Hos1EJM0B41N/FFqIFBTi87/FQBANAf/1oXAdFQDH4tHBIXAdB+LNRCTNAeNTfxRagJQU4vO/xUAQDQH/9aFwHQvA18Ei0cIhcB0HIs1EJM0B41N/FFqBFBTi87/FQBANAf/1oXAdAlbXzPAXovlXcNbX4PI/16L5V3DzMzMzFWL7IPsCFOL2YtNCIXJdQkywFuL5V3CDACAfRAAi0UMD4QwAQAAhcAPhCgBAABXjXsEhf91CI1H/un9AAAAVot3IMdHGAAAAACF9nUTiXcoM8DHRyCADTQHvoANNAfrA4tHKIN/JAB1B8dHJKANNAdo0BsAAGoBUIvO/xUAQDQH/9aDxAyJRfiFwHUKuPz////ppAAAAIlHHIk4x0A4AAAAAMdABDQ/AACDfyAAdGSLTySJTfyFyXRai3cchfZ0Uzk+dU+LRgQtND8AAIP4H3dCi0Y4hcB0HYN+KA90F1D/dyj/FQBANAf/VfyDxAjHRjgAAAAAi8/HRgwFAAAAx0YoDwAAAOh2aQAAiUX8hcB0KesHx0X8/v////91+It3JIvO/3co/xUAQDQH/9aLRfyDxAjHRxwAAAAAXotNDIXAiUsIi00ID5TAiQ9fxgMBW4vlXcIMAIlDCIlDDLABiUsExgMAW4vlXcIMAMzMzMzMVYvsU1ZXi30Mi/GF/3RxgD4AdTCLRgg7x3MCi/hX/3YE/3UI6OPNAAABfgSDxAwpfgiLRRCFwHQ+iTiwAV9eW13CDACLRQiJfhSJRhCNSQCNTgTo6GoAAIXAdAWD+AF1H4tOFIXJdASFwHTki0UQhcB0BCv5iThfXrABW13CDABfXjLAW13CDADMzMzMzMzMVYvsgezYAwAAoQCQNAczxYlF/ItFEFOLXQyJleD8//+Jjdz8//+Jhej8//9Wg/sWD4KgBAAAi3UIiwY5RRQPgpIEAACFwHUQXluLTfwzzeiMoQAAi+Vdw1dqOI2FpPz//2oAUOgPywAAajiNhSz8///GhaD8//8AagBQ6PjKAABqOI2FaPz//8aFKPz//wBqAFDo4coAAItWCjP/i04Si8Il////f8aFZPz//wCJhez8//+B4f///3+LRg6DxCQl////f4mN5Pz//4mF9Pz//zP2A8GJvfD8//+Ljez8//+DwRaJtfj8//8DwTvDD4WRAwAAi10IgHsICA+FhAMAAPZDCQF0KYuN4Pz//8HpAoPpAXQbi5Xc/P//jZsAAAAAi0SK/CkEioPpAXX0i1MKi0UIjY2g/P//i53s/P//g8AWweofUlNQ6LT8//+EwA+EMAMAAItNCItBDsHoH1D/tfT8//+NQRYDw42NKPz//1Doi/z//4TAD4QHAwAAi00Ii0ESg8EWwegfUIuF9Pz///+15Pz//wPDA8GNjWT8//9Q6Fr8//+EwA+E1gIAAIvOi52o/P//hdsPlMCEwA+FLgIAADiFoPz//3UxvwADAAA733MCi/tX/7Wk/P//jYX8/P//UOiTywAAAb2k/P//g8QMK9+Jnaj8///rQ42F/Pz//8eFtPz//wADAACJhbD8//+NjaT8///ok2gAAIXAdAmD+AEPhVoCAACLjbT8//+FyXQEhcB02r8AAwAAK/m4q6qqqvfnweoDjQRSweACK/gPhS0CAACLvfD8//+Nnfz8//+Ly4md5Pz//wPBO8iJhez8//+Ljfj8//8Pgy////+LE4XSD4StAAAAjQQ6O0UUD4ftAQAAg70w/P//AA+UwDwBD4TbAQAAx4X0/P//AAAAAAO96Pz//w+ExQEAAI2F9Pz//1BSV42NKPz//+id/P//hMAPhKkBAACLEzmV9Pz//w+FmwEAADPAhdJ0JYud3Pz//40MMDuN4Pz//3MJjQwDigwxAAwHQDvCcueLneT8////tfj8//+Lz+hPAwAAi73w/P//i8iLhez8//+DxASJjfj8//8D+gPyi1MEib3w/P//hdIPhIMAAACNBDo7RRQPhysBAACDvWz8//8AD5TAPAEPhBkBAADHhfT8//8AAAAAA73o/P//D4QDAQAAjYX0/P//UFJXjY1k/P//6Nv7//+EwA+E5wAAAItTBDmV9Pz//w+F2AAAAP+1+Pz//4vP6LcCAACLvfD8//+LyIuF7Pz//4PEBImN+Pz//wNzCAP6g8MMib3w/P//iZ3k/P//O9gPgpX+///pv/3//4tFCPZACQEPhHwAAACLleD8//+5AQAAAMHqAjvRdhKLndz8//+LRIv8AQSLQTvKcvSLnej8//+L18HqArkBAAL/D4XYCwMA/7X4/AsC/4vP6LcC
    ----- END SNIP -----

    Loaded Modules
    -----------------------------------------------------------------------------
    01300000-019B1000 ESETOnlineScanner_DEU.exe (ESET spol. s r.o.),
    version: 2.0.22.0
    77410000-775AC000 ntdll.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74C40000-74D20000 KERNEL32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74980000-74A64000 hmpalert.dll (SurfRight B.V.),
    version: 3.7.9.767
    76550000-76749000 KERNELBASE.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77380000-773FE000 ADVAPI32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    760C0000-76180000 msvcrt.dll (Microsoft Corporation),
    version: 7.0.17763.1 (WinBuild.160101.0800)
    75A30000-75AA9000 sechost.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    767F0000-768AF000 RPCRT4.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74A80000-74AA0000 SspiCli.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74A70000-74A7A000 CRYPTBASE.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    772B0000-77312000 bcryptPrimitives.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71F20000-71FBC000 apphelp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    763B0000-76549000 USER32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    759B0000-759C7000 win32u.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75A00000-75A23000 GDI32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74F40000-750A6000 gdi32full.dll (Microsoft Corporation),
    version: 10.0.17763.55 (WinBuild.160101.0800)
    76EB0000-76F30000 msvcp_win.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    751C0000-752E3000 ucrtbase.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77320000-7737F000 WS2_32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75460000-759AD000 SHELL32.dll (Microsoft Corporation),
    version: 10.0.17763.55 (WinBuild.160101.0800)
    76750000-7678B000 cfgmgr32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76250000-762D9000 shcore.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77030000-772AE000 combase.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    768B0000-76EAA000 windows.storage.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    750C0000-750DC000 profapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76790000-767E4000 powrprof.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75170000-751B4000 shlwapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    763A0000-763AF000 kernel.appcore.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76210000-76222000 cryptsp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75F60000-7605B000 ole32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    762E0000-7637B000 OLEAUT32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    759D0000-759F5000 IMM32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    744A0000-744A6000 MSIMG32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74680000-7488F000 COMCTL32.dll (Microsoft Corporation),
    version: 6.10 (WinBuild.160101.0800)
    73B90000-73C0B000 UxTheme.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    721B0000-7231F000 gdiplus.dll (Microsoft Corporation),
    version: 10.0.17763.55 (WinBuild.160101.0800)
    73B80000-73B88000 WSOCK32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    72320000-72374000 OLEACC.dll (Microsoft Corporation),
    version: 7.2.17763.1 (WinBuild.160101.0800)
    744E0000-74504000 WINMM.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73F50000-73FBB000 WINSPOOL.DRV (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76230000-76249000 bcrypt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    744B0000-744D3000 WINMMBASE.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73D40000-73EBE000 PROPSYS.dll (Microsoft Corporation),
    version: 7.0.17763.1 (WinBuild.160101.0800)
    74510000-74543000 IPHLPAPI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    5A430000-5A4AC000 RICHED20.DLL (Microsoft Corporation),
    version: 5.31.23.1231
    621C0000-621D7000 USP10.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    5A3F0000-5A421000 msls31.dll (Microsoft Corporation),
    version: 3.10.349.0
    71390000-713B6000 dwmapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74AA0000-74C39000 CRYPT32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74E80000-74E8E000 MSASN1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74D40000-74E7D000 MSCTF.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    67720000-677A6000 TextInputFramework.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    03870000-03ADA000 CoreUIComponents.dll (Microsoft Corporation),
    version: 10.0.17763.1
    67380000-6740F000 CoreMessaging.dll (Microsoft Corporation),
    version: 10.0.17763.55
    73D00000-73D29000 ntmarta.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71FC0000-7209B000 wintypes.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74940000-74948000 version.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    736F0000-73742000 mswsock.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73630000-736C0000 DNSAPI.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    750B0000-750B7000 NSI.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    735C0000-73611000 fwpuclnt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73620000-73628000 rasadhlp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    750E0000-75161000 clbcatq.dll (Microsoft Corporation),
    version: 2001.12.10941.16384 (WinBuild.160101.080
    60AA0000-60EC9000 explorerframe.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73750000-73B73000 wininet.dll (Microsoft Corporation),
    version: 11.00.17763.1 (WinBuild.160101.0800)
    73090000-732BD000 iertutil.dll (Microsoft Corporation),
    version: 11.00.17763.1 (WinBuild.160101.0800)
    71920000-71932000 ondemandconnroutehelper.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74550000-7460D000 winhttp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71910000-71918000 WINNSI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    732C0000-7347C000 urlmon.dll (Microsoft Corporation),
    version: 11.00.17763.55 (WinBuild.160101.0800)
    716D0000-716D8000 DPAPI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74EF0000-74F35000 WINTRUST.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74910000-7493F000 rsaenh.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    713C0000-71433000 schannel.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    716C0000-716D0000 mskeyprotect.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71330000-71352000 ncrypt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71300000-7132C000 NTASN1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74630000-74656000 cryptnet.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    716A0000-716BF000 ncryptsslp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    58E60000-58F77000 esets_apiW_a.DLL (ESET),
    version: 6.0.2999.0
    74660000-74678000 MPR.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74040000-74403000 msi.dll (Microsoft Corporation),
    version: 5.0.17763.1
    74D20000-74D26000 psapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74950000-74973000 userenv.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    03070000-03073000 sfc.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73070000-7307F000 sfc_os.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74480000-74493000 netapi32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    58E50000-58E59000 SCHEDCLI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74430000-7443B000 NETUTILS.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74410000-74424000 dhcpcsvc.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)

    Process Trace
    1 C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe [10900]
    "C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe" EULA
    2 C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe [11552]
    3 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [9900]
    4 C:\Windows\explorer.exe [7068]
    5 C:\Windows\System32\userinit.exe [7052]

    Thumbprint
    db5079f61b81c98e6d8ad4ca95d7da8d0039b61ca84f1831acb32a6450cba3b3
    Ereignis-XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="HitmanPro.Alert" />
    <EventID Qualifiers="0">911</EventID>
    <Level>2</Level>
    <Task>9</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-11-01T22:35:56.139510400Z" />
    <EventRecordID>7307</EventRecordID>
    <Channel>Application</Channel>
    <Computer>HiltiPC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe</Data>
    <Data>Shellcode</Data>
    <Data>Mitigation Shellcode

    Platform 10.0.17763/x64 v767 06_3c
    PID 10900
    Feature 00170AB0000001A6
    Application C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe
    Description ESET Online Scanner 2.0.22

    Shellcode (HHP) (0x000F5000 bytes)
    CALLER is inside localAlloc mem
    Owner of CALLER: (anonymous; allocated by 58E977CB, esets_apiW_a.DLL)
    (anonymous; esets_apiW_a.DLL)+0x6968
    Range (0x09460000 - 0x09555000))
    (anonymous)+0x0
    Owner of BaseAddress: (0733696A) NO MODULE ASSIGNED


    07336968 ffd6 CALL ESI
    0733696A 85c0 TEST EAX, EAX
    0733696C 7454 JZ 0x73369c2
    0733696E 031f ADD EBX, [EDI]
    07336970 8b4704 MOV EAX, [EDI+0x4]
    07336973 85c0 TEST EAX, EAX
    07336975 741f JZ 0x7336996
    07336977 8b3510933407 MOV ESI, [0x7349310]
    0733697D 8d4dfc LEA ECX, [EBP-0x4]
    07336980 51 PUSH ECX
    07336981 6a02 PUSH 0x2
    07336983 50 PUSH EAX
    07336984 53 PUSH EBX
    07336985 8bce MOV ECX, ESI
    07336987 ff1500403407 CALL DWORD [0x7344000]
    0733698D ffd6 CALL ESI

    ----- SNIP HERE -----
    AAELAQBgMwdoaTMHAGAzBwDgAADCBADMzMzMzMzMzMxVi+yD7EyLRQxTVleLAIvZM/+JXfgz9sdF8AAAAADHRewAAAAAhcB1DrhwFwAAX15bi+VdwhAAweAEUIlF5OjNrQAAg8QEiUXYhcB1DrhaGwAAX15bi+VdwhAA/3XkagBQ6MLWAACLRRCDxAwDReSLVdiJRdyLRQyJVcyJdbg5MA+GaAMAADP2iXXI6wONSQCLSDCLBDEDzokCi0XcK0UQiU28i0kIiUoEiUIIjTRJweYDVol10OhVrQAAg8QEiUX0hcAPhB4DAABWagBQ6FbWAACLRbyDxAwDddyJdejHRcQAAAAAg3gIAA+GXgIAAItN9IPBBDPSiU3giVXAjUkAi3AMA/LGRf8Ai1YYhdIPhJQAAACDfjAAdR2LRQwzyTiLgAIAAA+VwQ+2QBQ7wXUHi1YQxkX/AVLo06wAAIvYg8QEiV3whdsPhJoCAACLTfiLVQyDwQSAff8AdB6LRhQDQgxQ/3YQU+j05f//hcB0NbtwFwAA6eYCAACAehQBU/92HA+UwP92GA+2wP92EFCLRhQDQgxQ6LXm//+L2IXbD4W7AgAAi134i0YwhcB0SFDoW6wAAIPEBIlF7IXAD4QkAgAAi00MUP92NP92MIB5KAH/digPlMAPtsBQi0YsA0EgjYs4AQAAUOhj5v//i9iF2w+FaQIAAItd7IXbdQ2LffAzyYl91IlN8Otli0YIOwMPhVr///9Q6PSrAACL+IPEBIl91IX/D4S7AQAA/3YIi1YYV/92MFOLXfCLy+jf5v///3XsiUW06PSrAACDxBSF23QJU+jnqwAAg8QEi0W0M8mJTfCJTew7RggPhWoBAACLVeCLBotd6IlC/ItGCIkCi8MrRRCAff8AiUIEi0YIiUIIdC6LThBqAP91FIkKi0YcU1GLTfhXiUIM6CH2//+L2IX/dFtX6IWrAACDxAQz/+tOi14Ig8j/M9KF23Qai/8Ptgw6QjPIwegID7bJMwSNwEk0BzvTcuiLTeD30FGJQQyNRdSLTfhQ/3UUD7aBgAIAAFD/dejo1fb//4t91IvYhdsPhUgBAACLTeCLVcCLXfiDwjyJVcCLAYPBGIlGCIt16APwiU3gi03Ei0W8QYl16IlNxDtICA+Cs/3//4tF0IPJ/zPShcB0KIt19IvYi/8PtgQyQjPBwekID7bAMwyFwEk0BzvTcuiLdeiLXfiLRdCLVcz30WoA/3UU/3XciUoMi8tQ/3X06DT1//+L2IXbD4W6AAAA/3X06JKqAACLTbiDxASLRQxBi1XMg0XIEIPCEItd+Il13IlVzIlNuDsIcxyLdcjptvz//7twFwAAiU3siU3w63m7WhsAAOtyK3UQM9KJcASDyf+LdQjHBgEAAAA5VeR2Kotd5It12I1JAA+2BDJCM8HB6QgPtsAzDIXASTQHO9Ny6It1CItd+ItFDGoA/3UU99H/dRCJTgiLy/915IsA/3XYiUYE6ID0//+L2MdF9AAAAACF23UDiV30/3XY6NipAACDxAT/dfTozakAAIPEBP918OjCqQAAg8QE/3Xs6LepAACDxARX6K6pAACDxASLw19eW4vlXcIQAFWL7FaLdQiLRjCFwHRCUzPbOR52Jlcz/+sGjZsAAAAAi0Yw/3QHDOh0qQAAQ41/EIPEBDsecumLRjBfW4XAdBBQ6FqpAACDxATHRjAAAAAAajRqAFboLtIAAIPEDF5dwgQAzMzMzMzMzMzMzMzMzMxVi+yLRQiDeAgAdByLTQyDeQgAdA6LAIsJO8FyBncJM8Bdw4PI/13DuAEAAABdw8xVi+xRU1aLdQgz21eLBoXAdF8zyYlN/OsHjaQkAAAAAIt+MAP5aDBlMwdqPP93CP93DOjpsQAAi1cIg8QQM8mF0nQbi0cMg8AIjaQkAAAAAIM4AHQBQYPAPIPqAXXyiU8IQ4tN/IsGg8EQiU38O9hyr2gwZTMHahBQ/3Yw6J+xAAAzyYPEEDP/iU38OQ52KTPbi0Ywg3wDCAB2BkGJTfzrD/90AwzoVqgAAItN/IPEBEeDwxA7PnLZX4kOXluL5V3CBADMzMzMzMzMzMzMzMzMVYvsg+T4g+wcU1aLNTyTNAeLwYlUJCCJRCQMx0QkEHAXAABXhfZ0J41MJBhRUGoIi87/FQBANAf/1oPEDIXAdQ6LRCQci3QkGIlEJBzrB4PO/4l0JByF9nUMuHAXAABfXluL5V3DgH0MAHQNgf4AEAAAdgW+ABAAAFbogacAAIv4g8QEhf91DLhzFwAAX15bi+Vdw4sdPJM0B4XbD4S8AAAAjUQkGIvLUGoAagBqAP90JCBqBv8VAEA0B//Tg8QYhcAPhZYAAACLRCQYI0QkHIP4/w+EhQAAAIsdPJM0B4XbdCiNRCQYi8tQav9q/1ZX/3QkJGoE/xUAQDQH/9ODxByFwHUGi0QkGOsDg8j/O8Z1TItdDI1EJBhTUI1EJBjHRCQgAAAAAFCL1ovP6E8tAACDxAyA+wF1CYP4AXUEi8frCIXAdRiLRCQQi0wkJIXJdAQrx4kBx0QkFAAAAABX6MymAACLRCQYg8QEX15bi+Vdw8zMzMzMzMzMzMzMzMzMVYvsg+wIgz0UkzQHAFNWV4v5i/KJffx1TYsdPJM0BzP2iXX8hdt0Ko1F/IvLUP91CFJXag3/FQBANAf/04t1/IPEFPfYG8D30F8jxl5bi+Vdw7hnGwAA99hfG8D30CPGXluL5V3Diw0gkzQHhckPhNEAAAAz0ovH9/GF0g+FwwAAAIvG9/GF0g+FtwAAAItFCPfxhdIPhaoAAABqEOjepQAAi9iDxASF2w+ElgAAAItF/ItNCAPGA8GJO4lLCDP/i00MiXMEiUX4O8h2Ios1HJM0B2oBaAAgAABRV4vO/xUAQDQH/9aL+IX/dFCLRfiLNRyTNAeLzmoEaAAQAABQV/8VAEA0B//WiUMMhcB0EYX/dAQ7+HUJX16Lw1uL5V3Dhf90GIs1GJM0B4vOaACAAABqAFf/FQBANAf/1lPobqUAAIPEBF9eM8Bbi+Vdw8zMVYvsUYM9FJM0BwBWV4v5dTOLNTyTNAeF9nQaV2oPi87/FQBANAf/1oPECPfYG8BfXovlXcO4ZxsAAPfYXxvAXovlXcNThf90eYsHi18MhcB0Hos1EJM0B41N/FFqIFBTi87/FQBANAf/1oXAdFQDH4tHBIXAdB+LNRCTNAeNTfxRagJQU4vO/xUAQDQH/9aFwHQvA18Ei0cIhcB0HIs1EJM0B41N/FFqBFBTi87/FQBANAf/1oXAdAlbXzPAXovlXcNbX4PI/16L5V3DzMzMzFWL7IPsCFOL2YtNCIXJdQkywFuL5V3CDACAfRAAi0UMD4QwAQAAhcAPhCgBAABXjXsEhf91CI1H/un9AAAAVot3IMdHGAAAAACF9nUTiXcoM8DHRyCADTQHvoANNAfrA4tHKIN/JAB1B8dHJKANNAdo0BsAAGoBUIvO/xUAQDQH/9aDxAyJRfiFwHUKuPz////ppAAAAIlHHIk4x0A4AAAAAMdABDQ/AACDfyAAdGSLTySJTfyFyXRai3cchfZ0Uzk+dU+LRgQtND8AAIP4H3dCi0Y4hcB0HYN+KA90F1D/dyj/FQBANAf/VfyDxAjHRjgAAAAAi8/HRgwFAAAAx0YoDwAAAOh2aQAAiUX8hcB0KesHx0X8/v////91+It3JIvO/3co/xUAQDQH/9aLRfyDxAjHRxwAAAAAXotNDIXAiUsIi00ID5TAiQ9fxgMBW4vlXcIMAIlDCIlDDLABiUsExgMAW4vlXcIMAMzMzMzMVYvsU1ZXi30Mi/GF/3RxgD4AdTCLRgg7x3MCi/hX/3YE/3UI6OPNAAABfgSDxAwpfgiLRRCFwHQ+iTiwAV9eW13CDACLRQiJfhSJRhCNSQCNTgTo6GoAAIXAdAWD+AF1H4tOFIXJdASFwHTki0UQhcB0BCv5iThfXrABW13CDABfXjLAW13CDADMzMzMzMzMVYvsgezYAwAAoQCQNAczxYlF/ItFEFOLXQyJleD8//+Jjdz8//+Jhej8//9Wg/sWD4KgBAAAi3UIiwY5RRQPgpIEAACFwHUQXluLTfwzzeiMoQAAi+Vdw1dqOI2FpPz//2oAUOgPywAAajiNhSz8///GhaD8//8AagBQ6PjKAABqOI2FaPz//8aFKPz//wBqAFDo4coAAItWCjP/i04Si8Il////f8aFZPz//wCJhez8//+B4f///3+LRg6DxCQl////f4mN5Pz//4mF9Pz//zP2A8GJvfD8//+Ljez8//+DwRaJtfj8//8DwTvDD4WRAwAAi10IgHsICA+FhAMAAPZDCQF0KYuN4Pz//8HpAoPpAXQbi5Xc/P//jZsAAAAAi0SK/CkEioPpAXX0i1MKi0UIjY2g/P//i53s/P//g8AWweofUlNQ6LT8//+EwA+EMAMAAItNCItBDsHoH1D/tfT8//+NQRYDw42NKPz//1Doi/z//4TAD4QHAwAAi00Ii0ESg8EWwegfUIuF9Pz///+15Pz//wPDA8GNjWT8//9Q6Fr8//+EwA+E1gIAAIvOi52o/P//hdsPlMCEwA+FLgIAADiFoPz//3UxvwADAAA733MCi/tX/7Wk/P//jYX8/P//UOiTywAAAb2k/P//g8QMK9+Jnaj8///rQ42F/Pz//8eFtPz//wADAACJhbD8//+NjaT8///ok2gAAIXAdAmD+AEPhVoCAACLjbT8//+FyXQEhcB02r8AAwAAK/m4q6qqqvfnweoDjQRSweACK/gPhS0CAACLvfD8//+Nnfz8//+Ly4md5Pz//wPBO8iJhez8//+Ljfj8//8Pgy////+LE4XSD4StAAAAjQQ6O0UUD4ftAQAAg70w/P//AA+UwDwBD4TbAQAAx4X0/P//AAAAAAO96Pz//w+ExQEAAI2F9Pz//1BSV42NKPz//+id/P//hMAPhKkBAACLEzmV9Pz//w+FmwEAADPAhdJ0JYud3Pz//40MMDuN4Pz//3MJjQwDigwxAAwHQDvCcueLneT8////tfj8//+Lz+hPAwAAi73w/P//i8iLhez8//+DxASJjfj8//8D+gPyi1MEib3w/P//hdIPhIMAAACNBDo7RRQPhysBAACDvWz8//8AD5TAPAEPhBkBAADHhfT8//8AAAAAA73o/P//D4QDAQAAjYX0/P//UFJXjY1k/P//6Nv7//+EwA+E5wAAAItTBDmV9Pz//w+F2AAAAP+1+Pz//4vP6LcCAACLvfD8//+LyIuF7Pz//4PEBImN+Pz//wNzCAP6g8MMib3w/P//iZ3k/P//O9gPgpX+///pv/3//4tFCPZACQEPhHwAAACLleD8//+5AQAAAMHqAjvRdhKLndz8//+LRIv8AQSLQTvKcvSLnej8//+L18HqArkBAAL/D4XYCwMA/7X4/AsC/4vP6LcC
    ----- END SNIP -----

    Loaded Modules
    -----------------------------------------------------------------------------
    01300000-019B1000 ESETOnlineScanner_DEU.exe (ESET spol. s r.o.),
    version: 2.0.22.0
    77410000-775AC000 ntdll.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74C40000-74D20000 KERNEL32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74980000-74A64000 hmpalert.dll (SurfRight B.V.),
    version: 3.7.9.767
    76550000-76749000 KERNELBASE.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77380000-773FE000 ADVAPI32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    760C0000-76180000 msvcrt.dll (Microsoft Corporation),
    version: 7.0.17763.1 (WinBuild.160101.0800)
    75A30000-75AA9000 sechost.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    767F0000-768AF000 RPCRT4.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74A80000-74AA0000 SspiCli.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74A70000-74A7A000 CRYPTBASE.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    772B0000-77312000 bcryptPrimitives.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71F20000-71FBC000 apphelp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    763B0000-76549000 USER32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    759B0000-759C7000 win32u.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75A00000-75A23000 GDI32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74F40000-750A6000 gdi32full.dll (Microsoft Corporation),
    version: 10.0.17763.55 (WinBuild.160101.0800)
    76EB0000-76F30000 msvcp_win.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    751C0000-752E3000 ucrtbase.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77320000-7737F000 WS2_32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75460000-759AD000 SHELL32.dll (Microsoft Corporation),
    version: 10.0.17763.55 (WinBuild.160101.0800)
    76750000-7678B000 cfgmgr32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76250000-762D9000 shcore.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    77030000-772AE000 combase.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    768B0000-76EAA000 windows.storage.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    750C0000-750DC000 profapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76790000-767E4000 powrprof.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75170000-751B4000 shlwapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    763A0000-763AF000 kernel.appcore.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76210000-76222000 cryptsp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    75F60000-7605B000 ole32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    762E0000-7637B000 OLEAUT32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    759D0000-759F5000 IMM32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    744A0000-744A6000 MSIMG32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74680000-7488F000 COMCTL32.dll (Microsoft Corporation),
    version: 6.10 (WinBuild.160101.0800)
    73B90000-73C0B000 UxTheme.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    721B0000-7231F000 gdiplus.dll (Microsoft Corporation),
    version: 10.0.17763.55 (WinBuild.160101.0800)
    73B80000-73B88000 WSOCK32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    72320000-72374000 OLEACC.dll (Microsoft Corporation),
    version: 7.2.17763.1 (WinBuild.160101.0800)
    744E0000-74504000 WINMM.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73F50000-73FBB000 WINSPOOL.DRV (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    76230000-76249000 bcrypt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    744B0000-744D3000 WINMMBASE.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73D40000-73EBE000 PROPSYS.dll (Microsoft Corporation),
    version: 7.0.17763.1 (WinBuild.160101.0800)
    74510000-74543000 IPHLPAPI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    5A430000-5A4AC000 RICHED20.DLL (Microsoft Corporation),
    version: 5.31.23.1231
    621C0000-621D7000 USP10.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    5A3F0000-5A421000 msls31.dll (Microsoft Corporation),
    version: 3.10.349.0
    71390000-713B6000 dwmapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74AA0000-74C39000 CRYPT32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74E80000-74E8E000 MSASN1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74D40000-74E7D000 MSCTF.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    67720000-677A6000 TextInputFramework.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    03870000-03ADA000 CoreUIComponents.dll (Microsoft Corporation),
    version: 10.0.17763.1
    67380000-6740F000 CoreMessaging.dll (Microsoft Corporation),
    version: 10.0.17763.55
    73D00000-73D29000 ntmarta.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71FC0000-7209B000 wintypes.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74940000-74948000 version.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    736F0000-73742000 mswsock.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73630000-736C0000 DNSAPI.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    750B0000-750B7000 NSI.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    735C0000-73611000 fwpuclnt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73620000-73628000 rasadhlp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    750E0000-75161000 clbcatq.dll (Microsoft Corporation),
    version: 2001.12.10941.16384 (WinBuild.160101.080
    60AA0000-60EC9000 explorerframe.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73750000-73B73000 wininet.dll (Microsoft Corporation),
    version: 11.00.17763.1 (WinBuild.160101.0800)
    73090000-732BD000 iertutil.dll (Microsoft Corporation),
    version: 11.00.17763.1 (WinBuild.160101.0800)
    71920000-71932000 ondemandconnroutehelper.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74550000-7460D000 winhttp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71910000-71918000 WINNSI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    732C0000-7347C000 urlmon.dll (Microsoft Corporation),
    version: 11.00.17763.55 (WinBuild.160101.0800)
    716D0000-716D8000 DPAPI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74EF0000-74F35000 WINTRUST.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74910000-7493F000 rsaenh.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    713C0000-71433000 schannel.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    716C0000-716D0000 mskeyprotect.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71330000-71352000 ncrypt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    71300000-7132C000 NTASN1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74630000-74656000 cryptnet.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    716A0000-716BF000 ncryptsslp.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    58E60000-58F77000 esets_apiW_a.DLL (ESET),
    version: 6.0.2999.0
    74660000-74678000 MPR.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74040000-74403000 msi.dll (Microsoft Corporation),
    version: 5.0.17763.1
    74D20000-74D26000 psapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74950000-74973000 userenv.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    03070000-03073000 sfc.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    73070000-7307F000 sfc_os.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74480000-74493000 netapi32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    58E50000-58E59000 SCHEDCLI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74430000-7443B000 NETUTILS.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    74410000-74424000 dhcpcsvc.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)

    Process Trace
    1 C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe [10900]
    "C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe" EULA
    2 C:\Users\Hilti\Desktop\ESETOnlineScanner_DEU.exe [11552]
    3 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [9900]
    4 C:\Windows\explorer.exe [7068]
    5 C:\Windows\System32\userinit.exe [7052]

    Thumbprint
    db5079f61b81c98e6d8ad4ca95d7da8d0039b61ca84f1831acb32a6450cba3b3</Data>
    </EventData>
    </Event>
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Smooth update to build 767.

    Win 10 Pro 1803 build 17134.376 / Emsisoft also.
     
  15. emil emil

    emil emil Registered Member

    Joined:
    May 5, 2016
    Posts:
    28
    cant scan computer
    failed
     

    Attached Files:

  16. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Running smooth here (Windows 7 Pro SP1 x64). Earlier problems with MS Office 2013 (Control-flow Integrity) were fixed after update of Emsisoft Anti-Malware or HMPA.
     
  17. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Quick fix is to manually install HitmanPro scanner
    http://get.hitmanpro.com
     
  18. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    FP?

    Logboeknaam: Application
    Bron: HitmanPro.Alert
    Datum: 5-11-2018 17:40:17
    Gebeurtenis-id:800
    Taakcategorie: Anti-Malware
    Niveau: Fout
    Trefwoorden: Klassiek
    Gebruiker: n.v.t.
    Computer: ****
    Beschrijving:
    Malware found:
    Gen:Variant.Ulise.1616
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Mitigation MalwareBlocked

    Platform 10.0.17763/x64 v767 06_5e
    PID 13248
    Application C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    Description Gen:Variant.Ulise.1616

    SHA256: f8638ae642ca4ee4a408e4d52e3e1c52d87423ee8e533bf1795a47303e1f9215
     
  19. guest

    guest Guest

    Manually updated on top of 765, no problems so far.
     
  20. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    I am using build 767 with no problem. However, I am seeing an unsecured internet connection occurring periodically throughout the day:
    HMPAConnection.jpg
    I have the Anti-Malware feature turned off.

    I can understand a one time license/update check a day but this is happening quite often. Is it possibly a feature of the beta process?
     
  21. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    HitmanPro.Alert 3.7.9 Build 767 Release Candidate 3 running fine for me.
     
  22. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HitmanPro.Alert 3.7.9 Build 769 Release Candidate 4

    Changelog (compared to build 767)

    Improved
    • Reduction of false-positives for Code Cave alerts.
    Download
    http://test.hitmanpro.com/hmpalert3b769.exe

    We will also auto-update the current 767 RC users.
    Please let us know how this version runs on your endpoints! :thumb:

    If this version has no major defects it will be promoted to the next stable release.
     
  23. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    Same as all recent RC's:
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    No problem with the update here.
     
  25. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Updated here. Will report back after it has been running awhile.

    Edit: No problems so far with HMPA 3.7.9 769.
     
    Last edited: Nov 15, 2018
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.