HitmanPro.Alert 3.7.9 Build 773 Release Candidate (re-release)

Changelog (compared to build 771):

Changed
Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"

Improved
Heap Heap Protect
CodeCave

Fixed
Trend Micro Intruder/Safe Browsing incompatibility

Download
http://test.hitmanpro.com/hmpalert3b773.exe

Hi all, we found a small issue in the previous 773, so we re-released it. Current 773 users will be automatically upgraded to the new 773. Please let us know how this version runs on your endpoints!
Spoiler: Mitigation Shellcode

Mitigation Shellcode
Timestamp 2019-01-20T08:53:39
Platform 10.0.17763/x64 v773 06_9e
PID 5268
Feature 00170A30000001A2
Application C:\Users\X\AppData\Local\SidebarDiagnostics\app-3.5.2\SidebarDiagnostics.exe
Created 2018-12-23T16:23:57
Modified 2018-12-23T16:23:57
Description Sidebar Diagnostics 3.5.2

Shellcode (HHA) (0x00001000 bytes)
CALLER is inside localAlloc mem
Owner of CALLER: (anonymous; allocated by 00007FFF3634D3EF, clr.dll)

(anonymous; clr.dll)+0x4A8A8
00007FFED6DBA8A8 ffd0 CALL RAX
00007FFED6DBA8AA 41c6470c01 MOV BYTE [R15+0xc], 0x1
00007FFED6DBA8AF 833d3a98ec5f00 CMP DWORD [RIP+0x5fec983a], 0x0
00007FFED6DBA8B6 7406 JZ 0x7ffed6dba8be
00007FFED6DBA8B8 ff156aa4ec5f CALL QWORD [RIP+0x5feca46a]
00007FFED6DBA8BE 41c6470c01 MOV BYTE [R15+0xc], 0x1
00007FFED6DBA8C3 488b5590 MOV RDX, [RBP-0x70]
00007FFED6DBA8C7 49895710 MOV [R15+0x10], RDX
00007FFED6DBA8CB 488d65c8 LEA RSP, [RBP-0x38]
00007FFED6DBA8CF 5b POP RBX
00007FFED6DBA8D0 5e POP RSI
00007FFED6DBA8D1 5f POP RDI
00007FFED6DBA8D2 415c POP R12
00007FFED6DBA8D4 415d POP R13
00007FFED6DBA8D6 415e POP R14
00007FFED6DBA8D8 415f POP R15

----- SNIP HERE -----
----- END SNIP -----

Loaded Modules
-----------------------------------------------------------------------------
Process Trace
1 C:\Users\X\AppData\Local\SidebarDiagnostics\app-3.5.2\SidebarDiagnostics.exe [5268]
2 C:\Windows\System32\svchost.exe [1396] C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

Thumbprint c153987dfdca5d7427952ad3c59a2c0cbd005560313388f0de74e58bffd8b7b5

Not happening with the stable version of HitmanPro.Alert. Link to the application being mitigated:

Spoiler: Sidebar Diagnostics
https://github.com/ArcadeRenegade/SidebarDiagnostics/releases/tag/3.5.2

Opened an issue on the proper GitHub page:

Spoiler: Issue
https://github.com/ArcadeRenegade/SidebarDiagnostics/issues/217
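As an added defender-side example (not HitmanPro.Alert's own code, and not the poster's), here is a small Python parser for the report fields quoted in the post above, with a triage heuristic for the pattern this report shows: a Shellcode alert whose caller sits in anonymous heap memory allocated by clr.dll, the .NET JIT case that the thread goes on to discuss. The sample report is constructed from the post's values, and the JIT_RUNTIMES set and the triage labels are assumptions of this example.

```python
import re

# Constructed sample, condensed to the fields of the HMPA report quoted in the post above
SAMPLE_REPORT = r"""
Mitigation Shellcode
PID 5268
Application C:\Users\X\AppData\Local\SidebarDiagnostics\app-3.5.2\SidebarDiagnostics.exe
CALLER is inside localAlloc mem
Owner of CALLER: (anonymous; allocated by 00007FFF3634D3EF, clr.dll)
Process Trace
1 C:\Users\X\AppData\Local\SidebarDiagnostics\app-3.5.2\SidebarDiagnostics.exe [5268]
2 C:\Windows\System32\svchost.exe [1396] C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
Thumbprint c153987dfdca5d7427952ad3c59a2c0cbd005560313388f0de74e58bffd8b7b5
"""

# Assumption: runtimes that legitimately JIT code into anonymous heap memory
JIT_RUNTIMES = {"clr.dll", "coreclr.dll"}


def parse_hmpa_report(text: str) -> dict:
    """Extract scalar fields, where the shellcode caller lives, and the process trace."""
    report = {"process_trace": []}
    in_trace = False
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line == "Process Trace":
            in_trace = True
            continue
        m = re.match(r"^(\d+) (\S+) \[(\d+)\]", line)
        if in_trace and m:
            report["process_trace"].append({"image": m.group(2), "pid": int(m.group(3))})
            continue
        in_trace = False  # any non-trace line ends the trace block
        if line.startswith("CALLER is inside"):
            report["caller_region"] = line.split("inside", 1)[1].strip()
        elif m := re.match(r"Owner of CALLER: \((.*?)\)", line):
            # the last comma-separated item names the module that allocated the region
            report["caller_owner"] = m.group(1).rsplit(",", 1)[-1].strip()
        elif m := re.match(r"^(Mitigation|Timestamp|Platform|PID|Application|Thumbprint) (.+)$", line):
            key, value = m.group(1).lower(), m.group(2)
            report[key] = int(value) if key == "pid" else value
    return report


def triage(report: dict) -> str:
    """Heuristic (an assumption, not HMPA logic): a Shellcode alert whose caller sits in heap
    memory owned by a managed runtime matches the .NET JIT pattern discussed in this thread."""
    if report.get("mitigation") != "Shellcode":
        return "not-a-shellcode-alert"
    in_heap = "localAlloc" in report.get("caller_region", "")
    if in_heap and report.get("caller_owner", "").lower() in JIT_RUNTIMES:
        return "likely-jit-false-positive"
    return "investigate"
```

A "likely-jit-false-positive" result is a prompt to verify the application and its parent (here a Schedule task via svchost.exe) before adding any exclusion, not a verdict.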
Actually, the official internal name of the mitigation is Heap Heap Hooray. If you turn Heap Heap Protect off, you get a registry key under HKLM\Software\HitmanPro.Alert\HeapHeapHooray This mitigation is arguably the most interesting protection we ever built. It is relatively simple but catches multi-stage attacks like Meterpreter, CCleaner APT but also the Emotet Trojan that's dropping crypto-ransomware around the globe, but is very successful in evading even next-gen security products. So it catches a plethora of attacks. Thanks to our flexible platform we can easily build signature-less run-time mitigations like Heap Heap Protect. We're still tuning this mitigation though, build 775 is coming!
HitmanPro.Alert 3.7.9 Build 775 Release Candidate

Changelog (compared to build 773):

Improved
Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly.
Heap Heap Protect mitigation, as it should now play more nicely with certain .NET applications.
Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs.
Alert info regarding our real-time Anti-Malware and Code Cave mitigation.

Fixed
Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack.

Download
http://test.hitmanpro.com/hmpalert3b775.exe

Please let us know how this version runs on your machine. Thanks!
No problems upgrading/updating build 775 RC. Win10 1809 build 17763.253 x64/Norton Security v22.16.3.21
I just tried the newest build 3.7.9.775 and it's having the same issues regarding this:
https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-47#post-2767977
https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-47#post-2768044
When will this be fixed?
Why does Alt+tab still stick w/keystroke encryption enabled? I don't think anybody ever addressed this beyond confirming it?
Same Windows build here, fresh installs on two machines have the same Alt+Tab quirk they have had forever w/keystroke encryption enabled (I forgot about the issue until I reinstalled HMP, as I have keystroke encryption off due to it).
I've never used that shortcut and had to Google what it does. Seems to work here as it should with Keystroke Encryption enabled.
Funny. I figured everybody knew about it. You can spice it up by using WinKey+Tab to use the Win10 equivalent of macOS "Exposé", if you prefer it to look fancy. At any rate, I figured out what in particular is causing it and opened a ticket. 3 years in, same stupid bug. (1Password browser extension incompatibility. Had a ticket about it back in 2016.)