HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    I don't understand you. I use the 64bit version of Jdownloader.

    2019-03-26_081912.jpg
     
  2. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Your previous screenshot showed it in \Program files (x86)\JDownloader hence I assumed 32bit.
    I ran a fresh install in the user profile folder, and the machine did not have Java installed, I also see sandboxie running is anything for JDownloader configured to run sandboxed?
     
  3. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    "I also see sandboxie running is anything for JDownloader configured to run sandboxed?"

    JDownloader is not running in the sandbox.
     
  4. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    I updated the YetAnotherFaviconDownloader.plgx plugin of KeePass 2 (KeePass 2.41) from 1.2 to 1.2.1.0 and then alerted HitmanPro.Alert (3.7.9 build 777). https://github.com/navossoc/KeePass-Yet-Another-Favicon-Downloader/releases

    Code:
    Napló neve:    Application
    Forrás:        HitmanPro.Alert
    Dátum:         2019. 04. 01. 6:08:21
    Eseményazonosító:911
    Feladatkategória:Mitigation
    Szint:         Hiba
    Kulcsszavak:   Klasszikus
    Felhasználó:   n.a.
    Számítógép:    DESKTOP-J0VB0BC
    Leírás:
    Mitigation   Lockdown
    Timestamp    2019-04-01T04:08:21
    
    Platform     10.0.17763/x64 v777 06_9e
    PID          9212
    Feature      00171A361FBF01B6
    Application  C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
    Created      2018-09-11T05:00:14
    Modified     2019-01-09T09:58:38
    Description  KeePass 2.41
    
    Filename     C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
    
    Command line:
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Asrock\AppData\Local\Temp\3nfoa03i.cmdline"
    
    Loaded Modules
    -----------------------------------------------------------------------------
    0000000000DE0000-0000000001104000 KeePass.exe (Dominik Reichl),
                                      version: 2.41.0.0
    00007FFC1C520000-00007FFC1C70D000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC1A710000-00007FFC1A7C3000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFC0E140000-00007FFC0E1A4000 MSCOREE.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC187D0000-00007FFC18A63000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC18140000-00007FFC18326000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.7.9.777
    00007FFC1A1D0000-00007FFC1A273000 ADVAPI32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC19DC0000-00007FFC19E5E000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.17763.1 (WinBuild.160101.0800)
    00007FFC1A120000-00007FFC1A1BE000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC1C050000-00007FFC1C172000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFC0DFA0000-00007FFC0E03C000 mscoreei.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC1BF70000-00007FFC1BFC2000 SHLWAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC1A3E0000-00007FFC1A70D000 combase.dll (Microsoft Corporation),
                                      version: 10.0.17763.253 (WinBuild.160101.0800)
    00007FFC18A90000-00007FFC18B8A000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC186C0000-00007FFC1873E000 bcryptPrimitives.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC19E60000-00007FFC19E89000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC195B0000-00007FFC1974A000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.17763.316 (WinBuild.160101.0800)
    00007FFC194C0000-00007FFC19560000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC1A830000-00007FFC1A9C7000 USER32.dll (Microsoft Corporation),
                                      version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFC18A70000-00007FFC18A90000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC19D90000-00007FFC19DBE000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC18520000-00007FFC18531000 kernel.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC13570000-00007FFC1357A000 VERSION.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD6300000-00007FFBD6CED000 clr.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFBD6E90000-00007FFBD6F87000 MSVCR120_CLR0400.dll (Microsoft Corporation),
                                      version: 12.00.52519.0 built by: VSWINSERVICING
    00007FFBD4D60000-00007FFBD62F1000 mscorlib.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC1A280000-00007FFC1A3D5000 ole32.dll (Microsoft Corporation),
                                      version: 10.0.17763.134 (WinBuild.160101.0800)
    00007FFC16970000-00007FFC16A0C000 uxtheme.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBED930000-00007FFBED94C000 StartMenuXHook.dll (OrdinarySoft.),
                                      version: 5.8.1.0
    00007FFBEC0B0000-00007FFBEC159000 COMCTL32.dll (Microsoft Corporation),
                                      version: 5.82 (WinBuild.160101.0800)
    00007FFC185F0000-00007FFC18607000 CRYPTSP.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17770000-00007FFC177A3000 rsaenh.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC187A0000-00007FFC187C6000 bcrypt.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17D80000-00007FFC17D8C000 CRYPTBASE.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD4110000-00007FFBD4D51000 System.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFBD3710000-00007FFBD410B000 KeePass.ni.exe (Dominik Reichl),
                                      version: 2.41.0.0
    00007FFBD3520000-00007FFBD3709000 System.Drawing.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFBD25D0000-00007FFBD351D000 System.Windows.Forms.ni.dll (Microsoft Corporation),
                                      version: 4.7.3324.0 built by: NET472REL1LAST_C
    00007FFC1C3E0000-00007FFC1C488000 ShCore.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD1B80000-00007FFBD25D0000 System.Core.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFBD6D60000-00007FFBD6E8B000 System.Configuration.ni.dll (Microsoft Corporation),
                                      version: 4.7.3324.0 built by: NET472REL1LAST_C
    00007FFBD12F0000-00007FFBD1B7C000 System.Xml.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC1A9D0000-00007FFC1BEC0000 shell32.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC19560000-00007FFC195AA000 cfgmgr32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC18B90000-00007FFC192DA000 windows.storage.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC18540000-00007FFC18564000 profapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC18570000-00007FFC185CD000 powrprof.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC07580000-00007FFC077F9000 comctl32.dll (Microsoft Corporation),
                                      version: 6.10 (WinBuild.160101.0800)
    00007FFC16D80000-00007FFC16DAE000 dwmapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC192E0000-00007FFC194BB000 CRYPT32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC185D0000-00007FFC185E2000 MSASN1.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD11C0000-00007FFBD12EB000 clrjit.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC07570000-00007FFC0757C000 secur32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC18450000-00007FFC1847F000 SSPICLI.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC1C180000-00007FFC1C2EA000 MSCTF.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC19F20000-00007FFC19FEB000 OLEAUT32.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFBF14B0000-00007FFBF1655000 gdiplus.dll (Microsoft Corporation),
                                      version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFBF8B50000-00007FFBF8E4F000 DWrite.dll (Microsoft Corporation),
                                      version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFBD1120000-00007FFBD11B9000 RichEd20.DLL (Microsoft Corporation),
                                      version: 5.31.23.1231
    00007FFBD8EB0000-00007FFBD8EC9000 USP10.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD10E0000-00007FFBD1119000 msls31.dll (Microsoft Corporation),
                                      version: 3.10.349.0
    00007FFC13B00000-00007FFC13CB8000 WindowsCodecs.dll (Microsoft Corporation),
                                      version: 10.0.17763.55 (WinBuild.160101.0800)
    00007FFC1BEC0000-00007FFC1BF62000 clbcatq.dll (Microsoft Corporation),
                                      version: 2001.12.10941.16384 (WinBuild.160101.080
    00007FFBED110000-00007FFBED166000 dataexchange.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC15400000-00007FFC1567E000 d3d11.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC15DA0000-00007FFC15F63000 dcomp.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC170B0000-00007FFC17172000 dxgi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC16A90000-00007FFC16C9D000 twinapi.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC16A40000-00007FFC16A68000 RMCLIENT.dll (Microsoft Corporation),
                                      version: 10.0.17763.194 (WinBuild.160101.0800)
    00007FFBD1030000-00007FFBD10D4000 tiptsf.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBFA310000-00007FFBFA3A5000 TextInputFramework.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC144E0000-00007FFC14802000 CoreUIComponents.dll (Microsoft Corporation),
                                      version: 10.0.17763.1
    00007FFC15F70000-00007FFC16052000 CoreMessaging.dll (Microsoft Corporation),
                                      version: 10.0.17763.194
    00007FFC173F0000-00007FFC17421000 ntmarta.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC13F60000-00007FFC140B3000 wintypes.dll (Microsoft Corporation),
                                      version: 10.0.17763.134 (WinBuild.160101.0800)
    00007FFC14F50000-00007FFC14F63000 wtsapi32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17460000-00007FFC174B8000 WINSTA.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC0E880000-00007FFC0EA56000 urlmon.dll (Microsoft Corporation),
                                      version: 11.00.17763.379 (WinBuild.160101.0800)
    00007FFC07820000-00007FFC07AC8000 iertutil.dll (Microsoft Corporation),
                                      version: 11.00.17763.379 (WinBuild.160101.0800)
    00007FFC14D70000-00007FFC14F18000 PROPSYS.dll (Microsoft Corporation),
                                      version: 7.0.17763.348 (WinBuild.160101.0800)
    00007FFC03AD0000-00007FFC03ADE000 httpapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC1C2F0000-00007FFC1C35D000 ws2_32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17BB0000-00007FFC17C17000 mswsock.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC17960000-00007FFC17A26000 DNSAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC19E90000-00007FFC19E98000 NSI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17910000-00007FFC1794D000 IPHLPAPI.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC073C0000-00007FFC073CA000 rasadhlp.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC0A720000-00007FFC0A799000 fwpuclnt.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBEE2A0000-00007FFBEE2A9000 IconCodecService.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17E10000-00007FFC17E35000 wldp.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC18740000-00007FFC18799000 WINTRUST.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC18420000-00007FFC18448000 USERENV.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    
    Process Trace
    1  C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [9212] 2019-04-01T04:08:19
    2  C:\Windows\explorer.exe [6312] 2019-04-01T04:08:01
    3  C:\Windows\System32\userinit.exe [6168] 2019-04-01T04:08:00
    
    Thumbprint
    f95e9b51bd5d76517aa275980423fb8d70f85b4f3c3043612d9f931080b59ce5
    Esemény XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>9</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2019-04-01T04:08:21.484434600Z" />
        <EventRecordID>18192</EventRecordID>
        <Channel>Application</Channel>
        <Computer>DESKTOP-J0VB0BC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe</Data>
        <Data>Lockdown</Data>
        <Data>Mitigation   Lockdown
    Timestamp    2019-04-01T04:08:21
    
    Platform     10.0.17763/x64 v777 06_9e
    PID          9212
    Feature      00171A361FBF01B6
    Application  C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
    Created      2018-09-11T05:00:14
    Modified     2019-01-09T09:58:38
    Description  KeePass 2.41
    
    Filename     C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
    
    Command line:
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Asrock\AppData\Local\Temp\3nfoa03i.cmdline"
    
    Loaded Modules
    -----------------------------------------------------------------------------
    0000000000DE0000-0000000001104000 KeePass.exe (Dominik Reichl),
                                      version: 2.41.0.0
    00007FFC1C520000-00007FFC1C70D000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC1A710000-00007FFC1A7C3000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFC0E140000-00007FFC0E1A4000 MSCOREE.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC187D0000-00007FFC18A63000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC18140000-00007FFC18326000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.7.9.777
    00007FFC1A1D0000-00007FFC1A273000 ADVAPI32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC19DC0000-00007FFC19E5E000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.17763.1 (WinBuild.160101.0800)
    00007FFC1A120000-00007FFC1A1BE000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC1C050000-00007FFC1C172000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFC0DFA0000-00007FFC0E03C000 mscoreei.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC1BF70000-00007FFC1BFC2000 SHLWAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC1A3E0000-00007FFC1A70D000 combase.dll (Microsoft Corporation),
                                      version: 10.0.17763.253 (WinBuild.160101.0800)
    00007FFC18A90000-00007FFC18B8A000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC186C0000-00007FFC1873E000 bcryptPrimitives.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC19E60000-00007FFC19E89000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC195B0000-00007FFC1974A000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.17763.316 (WinBuild.160101.0800)
    00007FFC194C0000-00007FFC19560000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC1A830000-00007FFC1A9C7000 USER32.dll (Microsoft Corporation),
                                      version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFC18A70000-00007FFC18A90000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC19D90000-00007FFC19DBE000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC18520000-00007FFC18531000 kernel.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC13570000-00007FFC1357A000 VERSION.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD6300000-00007FFBD6CED000 clr.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFBD6E90000-00007FFBD6F87000 MSVCR120_CLR0400.dll (Microsoft Corporation),
                                      version: 12.00.52519.0 built by: VSWINSERVICING
    00007FFBD4D60000-00007FFBD62F1000 mscorlib.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC1A280000-00007FFC1A3D5000 ole32.dll (Microsoft Corporation),
                                      version: 10.0.17763.134 (WinBuild.160101.0800)
    00007FFC16970000-00007FFC16A0C000 uxtheme.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBED930000-00007FFBED94C000 StartMenuXHook.dll (OrdinarySoft.),
                                      version: 5.8.1.0
    00007FFBEC0B0000-00007FFBEC159000 COMCTL32.dll (Microsoft Corporation),
                                      version: 5.82 (WinBuild.160101.0800)
    00007FFC185F0000-00007FFC18607000 CRYPTSP.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17770000-00007FFC177A3000 rsaenh.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC187A0000-00007FFC187C6000 bcrypt.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17D80000-00007FFC17D8C000 CRYPTBASE.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD4110000-00007FFBD4D51000 System.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFBD3710000-00007FFBD410B000 KeePass.ni.exe (Dominik Reichl),
                                      version: 2.41.0.0
    00007FFBD3520000-00007FFBD3709000 System.Drawing.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFBD25D0000-00007FFBD351D000 System.Windows.Forms.ni.dll (Microsoft Corporation),
                                      version: 4.7.3324.0 built by: NET472REL1LAST_C
    00007FFC1C3E0000-00007FFC1C488000 ShCore.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD1B80000-00007FFBD25D0000 System.Core.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFBD6D60000-00007FFBD6E8B000 System.Configuration.ni.dll (Microsoft Corporation),
                                      version: 4.7.3324.0 built by: NET472REL1LAST_C
    00007FFBD12F0000-00007FFBD1B7C000 System.Xml.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC1A9D0000-00007FFC1BEC0000 shell32.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC19560000-00007FFC195AA000 cfgmgr32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC18B90000-00007FFC192DA000 windows.storage.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC18540000-00007FFC18564000 profapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC18570000-00007FFC185CD000 powrprof.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC07580000-00007FFC077F9000 comctl32.dll (Microsoft Corporation),
                                      version: 6.10 (WinBuild.160101.0800)
    00007FFC16D80000-00007FFC16DAE000 dwmapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC192E0000-00007FFC194BB000 CRYPT32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC185D0000-00007FFC185E2000 MSASN1.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD11C0000-00007FFBD12EB000 clrjit.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC07570000-00007FFC0757C000 secur32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC18450000-00007FFC1847F000 SSPICLI.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC1C180000-00007FFC1C2EA000 MSCTF.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC19F20000-00007FFC19FEB000 OLEAUT32.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFBF14B0000-00007FFBF1655000 gdiplus.dll (Microsoft Corporation),
                                      version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFBF8B50000-00007FFBF8E4F000 DWrite.dll (Microsoft Corporation),
                                      version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFBD1120000-00007FFBD11B9000 RichEd20.DLL (Microsoft Corporation),
                                      version: 5.31.23.1231
    00007FFBD8EB0000-00007FFBD8EC9000 USP10.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBD10E0000-00007FFBD1119000 msls31.dll (Microsoft Corporation),
                                      version: 3.10.349.0
    00007FFC13B00000-00007FFC13CB8000 WindowsCodecs.dll (Microsoft Corporation),
                                      version: 10.0.17763.55 (WinBuild.160101.0800)
    00007FFC1BEC0000-00007FFC1BF62000 clbcatq.dll (Microsoft Corporation),
                                      version: 2001.12.10941.16384 (WinBuild.160101.080
    00007FFBED110000-00007FFBED166000 dataexchange.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC15400000-00007FFC1567E000 d3d11.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC15DA0000-00007FFC15F63000 dcomp.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC170B0000-00007FFC17172000 dxgi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC16A90000-00007FFC16C9D000 twinapi.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC16A40000-00007FFC16A68000 RMCLIENT.dll (Microsoft Corporation),
                                      version: 10.0.17763.194 (WinBuild.160101.0800)
    00007FFBD1030000-00007FFBD10D4000 tiptsf.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBFA310000-00007FFBFA3A5000 TextInputFramework.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC144E0000-00007FFC14802000 CoreUIComponents.dll (Microsoft Corporation),
                                      version: 10.0.17763.1
    00007FFC15F70000-00007FFC16052000 CoreMessaging.dll (Microsoft Corporation),
                                      version: 10.0.17763.194
    00007FFC173F0000-00007FFC17421000 ntmarta.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC13F60000-00007FFC140B3000 wintypes.dll (Microsoft Corporation),
                                      version: 10.0.17763.134 (WinBuild.160101.0800)
    00007FFC14F50000-00007FFC14F63000 wtsapi32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17460000-00007FFC174B8000 WINSTA.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC0E880000-00007FFC0EA56000 urlmon.dll (Microsoft Corporation),
                                      version: 11.00.17763.379 (WinBuild.160101.0800)
    00007FFC07820000-00007FFC07AC8000 iertutil.dll (Microsoft Corporation),
                                      version: 11.00.17763.379 (WinBuild.160101.0800)
    00007FFC14D70000-00007FFC14F18000 PROPSYS.dll (Microsoft Corporation),
                                      version: 7.0.17763.348 (WinBuild.160101.0800)
    00007FFC03AD0000-00007FFC03ADE000 httpapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC1C2F0000-00007FFC1C35D000 ws2_32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17BB0000-00007FFC17C17000 mswsock.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC17960000-00007FFC17A26000 DNSAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC19E90000-00007FFC19E98000 NSI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17910000-00007FFC1794D000 IPHLPAPI.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC073C0000-00007FFC073CA000 rasadhlp.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC0A720000-00007FFC0A799000 fwpuclnt.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBEE2A0000-00007FFBEE2A9000 IconCodecService.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17E10000-00007FFC17E35000 wldp.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC18740000-00007FFC18799000 WINTRUST.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC18420000-00007FFC18448000 USERENV.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    
    Process Trace
    1  C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [9212] 2019-04-01T04:08:19
    2  C:\Windows\explorer.exe [6312] 2019-04-01T04:08:01
    3  C:\Windows\System32\userinit.exe [6168] 2019-04-01T04:08:00
    
    Thumbprint
    f95e9b51bd5d76517aa275980423fb8d70f85b4f3c3043612d9f931080b59ce5</Data>
      </EventData>
    </Event>
     
  5. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Exclusion does not work with Media Player Classic - Black Edition software. Without it, the video player does not start. Can I manually add a program to exclusions? Need help quickly. Please! Windows 10 v.1809 build: 17763.404. HitmanPro.Alert version 3.7.9 build 777

    2019-04-03_073408.jpg 2019-04-03_073427.jpg

    Forrás
    MPC-BE x64

    Összegzés
    Működésképtelenné vált

    Dátum
    ‎2019. ‎04. ‎03. 7:30

    Állapot
    Jelentés elküldve

    Leírás
    A hibát okozó alkalmazás elérési útja: C:\Program Files\MPC-BE x64\mpc-be64.exe

    Probléma-aláírás
    Problémaesemény neve: APPCRASH
    Alkalmazásnév: mpc-be64.exe
    Alkalmazásverzió: 1.5.3.4488
    Alkalmazás időbélyegzője: 5ca1b2bc
    Hiba – modul neve: hmpalert.dll
    Hiba – modul verziója: 3.7.9.777
    Hiba – modul időbélyegzője: 5c8f9e4f
    Kivételkód: c0000005
    Kivétel – eltolás: 00000000000db458
    Operációs rendszer verziója: 10.0.17763.2.0.0.256.48
    Területibeállítás-azonosító: 1038
    További információk 1: 2a05
    További információk 2: 2a05f37aac27d31c6bbf06b3253ae4b6
    További információk 3: 77fe
    További információk 4: 77fede194f50b7dfaca06fae569b711e

    További adatok a problémáról
    Gyűjtőazonosító: 09adb07d017514686f9d0814c8faf144 (2277985871883596100)

    If I delete from Media programs, this error will occur.

    2019-04-03_081205.jpg

    Forrás
    MPC-BE x64

    Összegzés
    Működésképtelenné vált

    Dátum
    ‎2019. ‎04. ‎03. 8:06

    Állapot
    Jelentés elküldve

    Leírás
    A hibát okozó alkalmazás elérési útja: C:\Program Files\MPC-BE x64\mpc-be64.exe

    Probléma-aláírás
    Problémaesemény neve: APPCRASH
    Alkalmazásnév: mpc-be64.exe
    Alkalmazásverzió: 1.5.3.4488
    Alkalmazás időbélyegzője: 5ca1b2bc
    Hiba – modul neve: hmpalert.dll
    Hiba – modul verziója: 3.7.9.777
    Hiba – modul időbélyegzője: 5c8f9e4f
    Kivételkód: c000041d
    Kivétel – eltolás: 0000000000052d8b
    Operációs rendszer verziója: 10.0.17763.2.0.0.256.48
    Területibeállítás-azonosító: 1038
    További információk 1: 68d5
    További információk 2: 68d5121a275e299af7c721e6f63ef20b
    További információk 3: 3043
    További információk 4: 3043f11465d05212fdc6a359a988a736

    További adatok a problémáról
    Gyűjtőazonosító: 16001b00b946cde2dd736d643afbfb89 (2122160126675385225)

    If I uninstall HitmanPro.Alert, then everything OK, Media Player Classic - Black Edition works well.
     
    Last edited: Apr 3, 2019
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    From your post, it's not clear to me whether you tried this:
    Click Add exclusion, navigate to MPC-BE, select mpc-be64.exe, and add it as exclusion by clicking "Megnyitás" (Open).
    On Windows 7 x64 with HMPA 3.7.9.775 that stil works for MPC-BE.
    I haven't tested on Windows 10 with HMPA 3.7.9.777.
     
  7. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    The pictures show that I started with this and it doesn't work. The file was not included in the exclusions. That's one of my problems.
     
  8. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    It should look like this:
    Anmerkung 2019-04-03 120621.jpg
     
  9. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,841
    Location:
    the Netherlands
    Of course it didn't show whether or not you clicked "Megnyitás" (Open), so I had to ask.
    I don't know why adding mpc-be64.exe doesn't work, on your installation.
    I hope that others on Windows 10 using MPC-BE can test it, and that someone can come up with an explanation and a solution for your problem.
     
  10. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    I wanted to do this, but I couldn't. So far, at many other programs It have been successful.
     
  11. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Judging from your previous issue and the actual issue, I guess you have overdone with tweaking.

    When your system is borked, better start from scratch...
     
  12. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    I can't use the PasswordChang Assistant.plgx (https://sourceforge.net/projects/passwordchangeassistant/) plugin because it has triggered HitmanPro.Alert.

    Code:
    Napló neve:    Application
    Forrás:        HitmanPro.Alert
    Dátum:         2019. 04. 07. 6:28:46
    Eseményazonosító:911
    Feladatkategória:Mitigation
    Szint:         Hiba
    Kulcsszavak:   Klasszikus
    Felhasználó:   n.a.
    Számítógép:    DESKTOP-J0VB0BC
    Leírás:
    Mitigation   Lockdown
    Timestamp    2019-04-07T04:28:46
    
    Platform     10.0.17763/x64 v777 06_9e
    PID          11200
    Feature      00171A361FBF01B6
    Application  C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
    Created      2018-09-11T05:00:14
    Modified     2019-01-09T09:58:38
    Description  KeePass 2.41
    
    Filename     C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
    
    Command line:
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Asrock\AppData\Local\Temp\2g0zl43l.cmdline"
    
    Loaded Modules
    -----------------------------------------------------------------------------
    00000000005F0000-0000000000914000 KeePass.exe (Dominik Reichl),
                                      version: 2.41.0.0
    00007FFC55260000-00007FFC5544D000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC52530000-00007FFC525E3000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC47280000-00007FFC472E4000 MSCOREE.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51EF0000-00007FFC52183000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC50E80000-00007FFC51066000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.7.9.777
    00007FFC54540000-00007FFC545E3000 ADVAPI32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC54DC0000-00007FFC54E5E000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.17763.1 (WinBuild.160101.0800)
    00007FFC525F0000-00007FFC5268E000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC52E30000-00007FFC52F52000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFC46FB0000-00007FFC4704C000 mscoreei.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC54D00000-00007FFC54D52000 SHLWAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC548B0000-00007FFC54BDC000 combase.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC51B90000-00007FFC51C8A000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC51C90000-00007FFC51D0E000 bcryptPrimitives.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC55200000-00007FFC55229000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC522F0000-00007FFC5248A000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC51AF0000-00007FFC51B90000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC52B20000-00007FFC52CB7000 USER32.dll (Microsoft Corporation),
                                      version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFC521C0000-00007FFC521E0000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC545F0000-00007FFC5461E000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51260000-00007FFC51271000 kernel.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4B3F0000-00007FFC4B3FA000 VERSION.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17D50000-00007FFC1873D000 clr.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC06550000-00007FFC06647000 MSVCR120_CLR0400.dll (Microsoft Corporation),
                                      version: 12.00.52519.0 built by: VSWINSERVICING
    00007FFBFF140000-00007FFC006D1000 mscorlib.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC550A0000-00007FFC551F5000 ole32.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC4F690000-00007FFC4F72C000 uxtheme.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC27F20000-00007FFC27F3C000 StartMenuXHook.dll (OrdinarySoft.),
                                      version: 5.8.1.0
    00007FFC27E60000-00007FFC27F09000 COMCTL32.dll (Microsoft Corporation),
                                      version: 5.82 (WinBuild.160101.0800)
    00007FFC51330000-00007FFC51347000 CRYPTSP.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC504B0000-00007FFC504E3000 rsaenh.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC52190000-00007FFC521B6000 bcrypt.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC50AC0000-00007FFC50ACC000 CRYPTBASE.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBFE4F0000-00007FFBFF131000 System.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC10140000-00007FFC10B3B000 KeePass.ni.exe (Dominik Reichl),
                                      version: 2.41.0.0
    00007FFC26490000-00007FFC26679000 System.Drawing.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFBFD5A0000-00007FFBFE4ED000 System.Windows.Forms.ni.dll (Microsoft Corporation),
                                      version: 4.7.3324.0 built by: NET472REL1LAST_C
    00007FFC54C50000-00007FFC54CF8000 ShCore.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBFCB50000-00007FFBFD5A0000 System.Core.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC34870000-00007FFC3499B000 System.Configuration.ni.dll (Microsoft Corporation),
                                      version: 4.7.3324.0 built by: NET472REL1LAST_C
    00007FFC0F3D0000-00007FFC0FC5C000 System.Xml.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC52F60000-00007FFC54450000 shell32.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC51AA0000-00007FFC51AEA000 cfgmgr32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51350000-00007FFC51A9A000 windows.storage.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC51300000-00007FFC51324000 profapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC512A0000-00007FFC512FD000 powrprof.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC40640000-00007FFC408B9000 comctl32.dll (Microsoft Corporation),
                                      version: 6.10 (WinBuild.160101.0800)
    00007FFC4F780000-00007FFC4F7AE000 dwmapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51D10000-00007FFC51EEB000 CRYPT32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51280000-00007FFC51292000 MSASN1.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC27650000-00007FFC2777B000 clrjit.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC40620000-00007FFC4062C000 secur32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51160000-00007FFC5118F000 SSPICLI.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC52CC0000-00007FFC52E2A000 MSCTF.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC547E0000-00007FFC548A4000 OLEAUT32.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC25EB0000-00007FFC26055000 gdiplus.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC32570000-00007FFC3286F000 DWrite.dll (Microsoft Corporation),
                                      version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFC347D0000-00007FFC34869000 RichEd20.DLL (Microsoft Corporation),
                                      version: 5.31.23.1231
    00007FFC4C4D0000-00007FFC4C4E9000 USP10.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC06510000-00007FFC06549000 msls31.dll (Microsoft Corporation),
                                      version: 3.10.349.0
    00007FFC4C810000-00007FFC4C9C8000 WindowsCodecs.dll (Microsoft Corporation),
                                      version: 10.0.17763.55 (WinBuild.160101.0800)
    00007FFC54F90000-00007FFC55032000 clbcatq.dll (Microsoft Corporation),
                                      version: 2001.12.10941.16384 (WinBuild.160101.080
    00007FFC25030000-00007FFC25086000 dataexchange.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4E140000-00007FFC4E3BE000 d3d11.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4EAD0000-00007FFC4EC93000 dcomp.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4FDF0000-00007FFC4FEB2000 dxgi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4F8B0000-00007FFC4FABD000 twinapi.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC4F7B0000-00007FFC4F7D8000 RMCLIENT.dll (Microsoft Corporation),
                                      version: 10.0.17763.194 (WinBuild.160101.0800)
    00007FFC30450000-00007FFC304F4000 tiptsf.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC33EF0000-00007FFC33F85000 TextInputFramework.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4CAE0000-00007FFC4CE02000 CoreUIComponents.dll (Microsoft Corporation),
                                      version: 10.0.17763.1
    00007FFC4ECA0000-00007FFC4ED82000 CoreMessaging.dll (Microsoft Corporation),
                                      version: 10.0.17763.194
    00007FFC50240000-00007FFC50271000 ntmarta.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4D1A0000-00007FFC4D2F3000 wintypes.dll (Microsoft Corporation),
                                      version: 10.0.17763.134 (WinBuild.160101.0800)
    00007FFC4DC90000-00007FFC4DCA3000 wtsapi32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC50190000-00007FFC501E8000 WINSTA.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC329A0000-00007FFC32B76000 urlmon.dll (Microsoft Corporation),
                                      version: 11.00.17763.404 (WinBuild.160101.0800)
    00007FFC408E0000-00007FFC40B88000 iertutil.dll (Microsoft Corporation),
                                      version: 11.00.17763.404 (WinBuild.160101.0800)
    00007FFC4DAB0000-00007FFC4DC58000 PROPSYS.dll (Microsoft Corporation),
                                      version: 7.0.17763.348 (WinBuild.160101.0800)
    00007FFC2E7D0000-00007FFC2E7DE000 httpapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC54450000-00007FFC544BD000 ws2_32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC508F0000-00007FFC50957000 mswsock.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC506A0000-00007FFC50766000 DNSAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC54BE0000-00007FFC54BE8000 NSI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC50650000-00007FFC5068D000 IPHLPAPI.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC30820000-00007FFC3082A000 rasadhlp.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC30870000-00007FFC308E9000 fwpuclnt.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC27570000-00007FFC27579000 IconCodecService.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC50B50000-00007FFC50B75000 wldp.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC52290000-00007FFC522E9000 WINTRUST.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC51190000-00007FFC511B8000 USERENV.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC34570000-00007FFC345BF000 System.Numerics.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC26390000-00007FFC26483000 System.Security.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC504F0000-00007FFC504FA000 DPAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    
    Process Trace
    1  C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [11200] 2019-04-07T04:28:45
    2  C:\Program Files\Far Manager\Far.exe [7224] 2019-04-07T04:28:38
    3  C:\Windows\explorer.exe [6256] 2019-04-07T03:56:08
    4  C:\Windows\System32\userinit.exe [6096] 2019-04-07T03:56:08 32.6s
    5  C:\Windows\System32\winlogon.exe [896] 2019-04-07T03:55:58
       winlogon.exe
    
    Thumbprint
    f95e9b51bd5d76517aa275980423fb8d70f85b4f3c3043612d9f931080b59ce5
    Esemény XML:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="HitmanPro.Alert" />
        <EventID Qualifiers="0">911</EventID>
        <Level>2</Level>
        <Task>9</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2019-04-07T04:28:46.379613800Z" />
        <EventRecordID>19765</EventRecordID>
        <Channel>Application</Channel>
        <Computer>DESKTOP-J0VB0BC</Computer>
        <Security />
      </System>
      <EventData>
        <Data>C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe</Data>
        <Data>Lockdown</Data>
        <Data>Mitigation   Lockdown
    Timestamp    2019-04-07T04:28:46
    
    Platform     10.0.17763/x64 v777 06_9e
    PID          11200
    Feature      00171A361FBF01B6
    Application  C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
    Created      2018-09-11T05:00:14
    Modified     2019-01-09T09:58:38
    Description  KeePass 2.41
    
    Filename     C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
    
    Command line:
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Asrock\AppData\Local\Temp\2g0zl43l.cmdline"
    
    Loaded Modules
    -----------------------------------------------------------------------------
    00000000005F0000-0000000000914000 KeePass.exe (Dominik Reichl),
                                      version: 2.41.0.0
    00007FFC55260000-00007FFC5544D000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC52530000-00007FFC525E3000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC47280000-00007FFC472E4000 MSCOREE.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51EF0000-00007FFC52183000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC50E80000-00007FFC51066000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.7.9.777
    00007FFC54540000-00007FFC545E3000 ADVAPI32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC54DC0000-00007FFC54E5E000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.17763.1 (WinBuild.160101.0800)
    00007FFC525F0000-00007FFC5268E000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC52E30000-00007FFC52F52000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFC46FB0000-00007FFC4704C000 mscoreei.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC54D00000-00007FFC54D52000 SHLWAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC548B0000-00007FFC54BDC000 combase.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC51B90000-00007FFC51C8A000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC51C90000-00007FFC51D0E000 bcryptPrimitives.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC55200000-00007FFC55229000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC522F0000-00007FFC5248A000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC51AF0000-00007FFC51B90000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC52B20000-00007FFC52CB7000 USER32.dll (Microsoft Corporation),
                                      version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFC521C0000-00007FFC521E0000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC545F0000-00007FFC5461E000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51260000-00007FFC51271000 kernel.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4B3F0000-00007FFC4B3FA000 VERSION.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC17D50000-00007FFC1873D000 clr.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC06550000-00007FFC06647000 MSVCR120_CLR0400.dll (Microsoft Corporation),
                                      version: 12.00.52519.0 built by: VSWINSERVICING
    00007FFBFF140000-00007FFC006D1000 mscorlib.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC550A0000-00007FFC551F5000 ole32.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC4F690000-00007FFC4F72C000 uxtheme.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC27F20000-00007FFC27F3C000 StartMenuXHook.dll (OrdinarySoft.),
                                      version: 5.8.1.0
    00007FFC27E60000-00007FFC27F09000 COMCTL32.dll (Microsoft Corporation),
                                      version: 5.82 (WinBuild.160101.0800)
    00007FFC51330000-00007FFC51347000 CRYPTSP.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC504B0000-00007FFC504E3000 rsaenh.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC52190000-00007FFC521B6000 bcrypt.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC50AC0000-00007FFC50ACC000 CRYPTBASE.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBFE4F0000-00007FFBFF131000 System.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC10140000-00007FFC10B3B000 KeePass.ni.exe (Dominik Reichl),
                                      version: 2.41.0.0
    00007FFC26490000-00007FFC26679000 System.Drawing.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFBFD5A0000-00007FFBFE4ED000 System.Windows.Forms.ni.dll (Microsoft Corporation),
                                      version: 4.7.3324.0 built by: NET472REL1LAST_C
    00007FFC54C50000-00007FFC54CF8000 ShCore.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFBFCB50000-00007FFBFD5A0000 System.Core.ni.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC34870000-00007FFC3499B000 System.Configuration.ni.dll (Microsoft Corporation),
                                      version: 4.7.3324.0 built by: NET472REL1LAST_C
    00007FFC0F3D0000-00007FFC0FC5C000 System.Xml.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC52F60000-00007FFC54450000 shell32.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC51AA0000-00007FFC51AEA000 cfgmgr32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51350000-00007FFC51A9A000 windows.storage.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC51300000-00007FFC51324000 profapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC512A0000-00007FFC512FD000 powrprof.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC40640000-00007FFC408B9000 comctl32.dll (Microsoft Corporation),
                                      version: 6.10 (WinBuild.160101.0800)
    00007FFC4F780000-00007FFC4F7AE000 dwmapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51D10000-00007FFC51EEB000 CRYPT32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51280000-00007FFC51292000 MSASN1.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC27650000-00007FFC2777B000 clrjit.dll (Microsoft Corporation),
                                      version: 4.7.3362.0 built by: NET472REL1LAST_C
    00007FFC40620000-00007FFC4062C000 secur32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC51160000-00007FFC5118F000 SSPICLI.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC52CC0000-00007FFC52E2A000 MSCTF.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC547E0000-00007FFC548A4000 OLEAUT32.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC25EB0000-00007FFC26055000 gdiplus.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC32570000-00007FFC3286F000 DWrite.dll (Microsoft Corporation),
                                      version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFC347D0000-00007FFC34869000 RichEd20.DLL (Microsoft Corporation),
                                      version: 5.31.23.1231
    00007FFC4C4D0000-00007FFC4C4E9000 USP10.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC06510000-00007FFC06549000 msls31.dll (Microsoft Corporation),
                                      version: 3.10.349.0
    00007FFC4C810000-00007FFC4C9C8000 WindowsCodecs.dll (Microsoft Corporation),
                                      version: 10.0.17763.55 (WinBuild.160101.0800)
    00007FFC54F90000-00007FFC55032000 clbcatq.dll (Microsoft Corporation),
                                      version: 2001.12.10941.16384 (WinBuild.160101.080
    00007FFC25030000-00007FFC25086000 dataexchange.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4E140000-00007FFC4E3BE000 d3d11.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4EAD0000-00007FFC4EC93000 dcomp.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4FDF0000-00007FFC4FEB2000 dxgi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4F8B0000-00007FFC4FABD000 twinapi.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC4F7B0000-00007FFC4F7D8000 RMCLIENT.dll (Microsoft Corporation),
                                      version: 10.0.17763.194 (WinBuild.160101.0800)
    00007FFC30450000-00007FFC304F4000 tiptsf.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC33EF0000-00007FFC33F85000 TextInputFramework.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4CAE0000-00007FFC4CE02000 CoreUIComponents.dll (Microsoft Corporation),
                                      version: 10.0.17763.1
    00007FFC4ECA0000-00007FFC4ED82000 CoreMessaging.dll (Microsoft Corporation),
                                      version: 10.0.17763.194
    00007FFC50240000-00007FFC50271000 ntmarta.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC4D1A0000-00007FFC4D2F3000 wintypes.dll (Microsoft Corporation),
                                      version: 10.0.17763.134 (WinBuild.160101.0800)
    00007FFC4DC90000-00007FFC4DCA3000 wtsapi32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC50190000-00007FFC501E8000 WINSTA.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC329A0000-00007FFC32B76000 urlmon.dll (Microsoft Corporation),
                                      version: 11.00.17763.404 (WinBuild.160101.0800)
    00007FFC408E0000-00007FFC40B88000 iertutil.dll (Microsoft Corporation),
                                      version: 11.00.17763.404 (WinBuild.160101.0800)
    00007FFC4DAB0000-00007FFC4DC58000 PROPSYS.dll (Microsoft Corporation),
                                      version: 7.0.17763.348 (WinBuild.160101.0800)
    00007FFC2E7D0000-00007FFC2E7DE000 httpapi.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC54450000-00007FFC544BD000 ws2_32.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC508F0000-00007FFC50957000 mswsock.dll (Microsoft Corporation),
                                      version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFC506A0000-00007FFC50766000 DNSAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFC54BE0000-00007FFC54BE8000 NSI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC50650000-00007FFC5068D000 IPHLPAPI.DLL (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC30820000-00007FFC3082A000 rasadhlp.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC30870000-00007FFC308E9000 fwpuclnt.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC27570000-00007FFC27579000 IconCodecService.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC50B50000-00007FFC50B75000 wldp.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC52290000-00007FFC522E9000 WINTRUST.dll (Microsoft Corporation),
                                      version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFC51190000-00007FFC511B8000 USERENV.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFC34570000-00007FFC345BF000 System.Numerics.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC26390000-00007FFC26483000 System.Security.ni.dll (Microsoft Corporation),
                                      version: 4.7.3190.0 built by: NET472REL1LAST_C
    00007FFC504F0000-00007FFC504FA000 DPAPI.dll (Microsoft Corporation),
                                      version: 10.0.17763.1 (WinBuild.160101.0800)
    
    Process Trace
    1  C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [11200] 2019-04-07T04:28:45
    2  C:\Program Files\Far Manager\Far.exe [7224] 2019-04-07T04:28:38
    3  C:\Windows\explorer.exe [6256] 2019-04-07T03:56:08
    4  C:\Windows\System32\userinit.exe [6096] 2019-04-07T03:56:08 32.6s
    5  C:\Windows\System32\winlogon.exe [896] 2019-04-07T03:55:58
       winlogon.exe
    
    Thumbprint
    f95e9b51bd5d76517aa275980423fb8d70f85b4f3c3043612d9f931080b59ce5</Data>
      </EventData>
    </Event>
    Is this a real alarm or false? If it is false, then how can I stop it? HitmanPro.Alert alerts you to many KeePass plugins. See my comment above. https://www.wilderssecurity.com/threads/hitmanpro-alert-beta.394398/page-57#post-2817938
     
    Last edited: Apr 7, 2019
  13. guest

    guest Guest

    (Mitigation Lockdown) - Untick "Application Lockdown" for your protected application (KeePass) before you want to update the KeePass plugins else you will see the alert again.
     
  14. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Thanks, this works for both plugins. But a question arises in me. Surely is this a good solution? Where do I know this was just a false alarm? The alarm might have been real and I risk the security of my computer with this trick.

    On the other hand, it would be good to have a list of programs that need some trick (example: function reduction of the HitmanPro.Alert, exclusion) to work correctly with HitmanPro.Alert.
     
    Last edited: Apr 7, 2019
  15. guest

    guest Guest

    "Application Lockdown" simply prevents protected applications from launching of files, no matter if the file it wants to launch is a legitimate file or malware.
    (more correctly: a file which is created by a protected application will be locked and further launching of it is prevented - even if the locked file is launched by an application which is not protected by HMP.A)

    As soon as you see "Mitigation Lockdown" in the alert while the application wanted to update itself or its plugins, etc. you know that it is a false alarm.
    Unticking of Application Lockdown is "the only solution" if you want to allow your protected application from updating itself.

    Your system and your applications are still protected by HMP.A if you untick it a single mitigation. All other mitigations of HMP.A are still active.
     
    Last edited by a moderator: Apr 7, 2019
  16. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    I understand now. Thanks for the explanation.
     
  17. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.7.9 Build 779 Release Candidate

    Changelog (compared to build 777)
    • Improved Heap Heap Protect mitigation, boosting compatibility with games and certain compressed binaries. In addition, we've improved detection of threats that allocate memory in another running application (code injection / process migration).
    • Improved detection of binaries backdoored by Shellter Pro (part of Code Cave mitigation).
    • Improved Hardware Assisted Control Flow Integrity (HA-CFI) on mainstream Intel microprocessor hardware.
    • Differentiated between exploits that trigger CallerCheck (a per-application mitigation) and packers that blindly call kernel32, which also triggers CallerCheck but are now reported as Kernel32Trap (a system-wide mitigation).
    • Improved compatibility with Windows System Restore.
    • Fixed a potential BSOD when the HitmanPro.Alert Service shuts down.
    • Fixed memory corruption in PipeWorker which could be triggered when the user manually added a large amount of other applications under exploit protection.
    • Fixed compatibility with the Windows Store version of Forza Horizon 4.
    Download
    https://dl.surfright.nl/hmpalert3b779.exe

    We found a minor issue with the previous build 777 (which was not visible to the normal user) so we're preparing this newer build to become the new general availability build.
    Please let us know how this build runs on your machine! Thanks everybody :thumb:
     
    Last edited: Apr 17, 2019
  18. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    LOLOLOL that plugin is compiling code on your box from the KeePass process! WTH!
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
  20. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Mark, does this help?
     
  22. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Cool! Just curious if we are protected without 0Patch. I'm guessing yes? HMP.A is awesome protection, Mark.
     
  24. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    I just rebooted into Build 779 and reloaded all my typical applications. I also perused the Event Viewer. I did not experience or find any issues.
     
  25. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading/updating build 779 RC.

    Btw... got a warning from Firefox 66.0.3 after downloading this build (see attached textfile).

    Win10 1809 build 17763.437 x64/Norton Security v22.17.0.183
     

    Attached Files:

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.