HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    The average person can't stop it from auto updating to the latest version.
     
  2. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    I am going to hold off also on the new build, and it is a bit concerning that no one responded to the memory leak; a year ago I feel the devs would have responded.
     
  3. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    It will only dump the application's memory, not the full machine's.
    And yes please a PM if it reproduces and catches a memory dump.
     
  4. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Can you please right click on the alert process and select "create dump file" and send me a PM here so we can have the devs look at what this might be.
     
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Been running HMP.A 3.8.0 Build 859 since Dec. 30, 2019.
    Today I got this...

    HMP.A terminates HMP.jpg
    HMP.A Cred Guard.jpg
     
  6. JEAM

    JEAM Registered Member

    Joined:
    Feb 21, 2015
    Posts:
    574
    What, HMP.A intercepted HMP? :confused:
     
  7. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.8.0 Build 861 Released

    Changelog (compared to build 859)
    • Improved CryptoGuard 5 performance
    • Improved suppress alert event user interface
    • Fixed issue in CryptoGuard 5 causing BSOD when copying large files over SMB
    • Fixed potential local privilege escalation (LPE)
    Download
    https://dl.surfright.nl/hmpalert38.exe

    Please let us know how this version runs on your machine :thumb: We are automatically updating users on build 8xx to build 861.
     
    Last edited: Jan 10, 2020
  8. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro could be compromised or in-memory altered. As you noticed, HitmanPro.Alert doesn't care - it doesn't treat HitmanPro any differently. If access of the SAM registry key is detected, it will be terminated.
    Are you running a properly licensed copy or trial of the HitmanPro scanner?
     
  9. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    After notification of update for HitmanPro-Alert, restart the PC and HitmanPro-Alert has been updated.
    No problems encountered.


    Windows 10 Pro version 1909
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Smooth install/reboot to build 861 :thumb:
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I am running a properly licensed copy, and will be happy to send that key to you via PM. I've been a purchaser of license keys from cleverbridge / SurfRight B.V since 2012. How do I know if HitmanPro has been compromised or in-memory altered?
     
  12. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    196
    Hello.
    When Kaspersky IS 20 finishes updating + 'Credential Theft Protection' enabled:
    1. With v 3.8.0 859
    2. With v 3.8.0 861
    Credential Theft Protection disabled... no problems.
     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    861 is running fine here on 1909.
     
  14. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hello,
    Issue still exists with the updated HMP.A 3.8.0.861 and a recently updated Edge Chromium Dev 81.0.381.0. There are still no issues with any other software or browser except Edge Chromium...
     
  15. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Hi Puff-m-d,
    Doesn't reproduce on my end, can you send me your installed software list in a PM please, looks like a compatibility issue.
     
  16. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
  17. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    I don't want to blame anyone,
    but did all of you consider that you are doing something wrong?
    I'm a long time user of HMP.A, and had only minor issues, but that's a long time ago.
     
  18. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    No issues here, with Edge version 79.0.309.63 (Offizielles Build) (64-Bit)
     
  19. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    982
    Location:
    UK
    Ok I did reboot last night, but if/when I see it grow again, I will do as you requested, thanks.
     
  20. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading build 861.

    Win10 1909 build 18363.535 x64/Norton Security v22.19.9.63
     
  21. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    +1
     
  22. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    And crickets. :thumbd:
     
  23. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    There are numerous ways that HitmanPro.Alert would detect, but in case an application, including the HitmanPro scanner, would be compromised or backdoored in a way not detected by HitmanPro.Alert, access to sensitive areas is still blocked.
     
  24. pilipali

    pilipali Registered Member

    Joined:
    Nov 24, 2017
    Posts:
    23
    Location:
    Finland
    There is some problem with HitmanPro.Alert 3.8.0 861 and Musicbee 3.3. I have the Windows store version of Musicbee. I get this when starting Musicbee:

    Code:
    Mitigation   HeapHeapProtect
    Timestamp    2020-01-12T09:39:11
    
    Platform     10.0.18363/x64 v861 6f_13%
    PID          12300
    Feature      003D0A30000000A2
    Application  C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.5.0_x86__kcr266et74avj\win32\MusicBee.exe
    Created      2020-01-10T12:11:14
    Description  MusicBee 3.3
    
    Shellcode (HHA) (0x0001C000 bytes)
    Owner of CALLER: (anonymous; allocated by 68D3EE19, clr.dll)
    
    OwnerModule
    Name         clr.dll
    Thumbprint   7a33ad00e22a53d91dd1a6f097fd37d9c8a9cd3bd512070eb7ce988aaf722733
    SHA-256      76f3cc0f1a2e447cbe8d5aef49774bba8d03f8af99b18b4795089e0c66424b26
    SHA-1        8160c0f5055d46a27fb82381218a242e619ac747
    MD5          6d1f610ee46be14c78c7f1d8d6404f87
    
    0A0CD1B2  ffd1                     CALL         ECX
    0A0CD1B4  c6460801                 MOV          BYTE [ESI+0x8], 0x1
    0A0CD1B8  833d48203e6900           CMP          DWORD [0x693e2048], 0x0
    0A0CD1BF  7407                     JZ           0xa0cd1c8
    0A0CD1C1  50                       PUSH         EAX
    0A0CD1C2  e8f9cdd75e               CALL         0x68e49fc0
    0A0CD1C7  58                       POP          EAX
    0A0CD1C8  c745e400000000           MOV          DWORD [EBP-0x1c], 0x0
    0A0CD1CF  8b7dd8                   MOV          EDI, [EBP-0x28]
    0A0CD1D2  897e0c                   MOV          [ESI+0xc], EDI
    0A0CD1D5  8d65f4                   LEA          ESP, [EBP-0xc]
    0A0CD1D8  5b                       POP          EBX
    0A0CD1D9  5e                       POP          ESI
    0A0CD1DA  5f                       POP          EDI
    0A0CD1DB  5d                       POP          EBP
    0A0CD1DC  c20400                   RET          0x4
    
    
    Loaded Modules (92)
    -----------------------------------------------------------------------------
    00AD0000-01010000 MusicBee.exe (Steven Mayall),
                      version: 3.3.7310.31853
    77980000-77B1A000 ntdll.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    694E0000-69532000 MSCOREE.DLL (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    76BF0000-76CD0000 KERNEL32.dll (Microsoft Corporation),
                      version: 10.0.18362.329 (WinBuild.160101.0800)
    75190000-7538C000 KERNELBASE.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    75040000-75138000 hmpalert.dll (SurfRight B.V.),
                      version: 3.8.0.861
    765D0000-76649000 ADVAPI32.dll (Microsoft Corporation),
                      version: 10.0.18362.329 (WinBuild.160101.0800)
    75CC0000-75D7F000 msvcrt.dll (Microsoft Corporation),
                      version: 7.0.18362.1 (WinBuild.160101.0800)
    778F0000-77966000 sechost.dll (Microsoft Corporation),
                      version: 10.0.18362.267 (WinBuild.160101.0800)
    77830000-778EB000 RPCRT4.dll (Microsoft Corporation),
                      version: 10.0.18362.476 (WinBuild.160101.0800)
    75150000-75170000 SspiCli.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    75140000-7514A000 CRYPTBASE.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    76B90000-76BEF000 bcryptPrimitives.dll (Microsoft Corporation),
                      version: 10.0.18362.295 (WinBuild.160101.0800)
    69450000-694DD000 mscoreei.dll (Microsoft Corporation),
                      version: 4.8.4018.0 built by: NET48REL1LAST_C
    76B40000-76B84000 SHLWAPI.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    775B0000-77826000 combase.dll (Microsoft Corporation),
                      version: 10.0.18362.449 (WinBuild.160101.0800)
    76730000-7684F000 ucrtbase.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    76AF0000-76B11000 GDI32.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    75AF0000-75B07000 win32u.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    75E30000-75F8A000 gdi32full.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    77340000-773BC000 msvcp_win.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    76950000-76AE7000 USER32.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    76920000-76945000 IMM32.DLL (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    75180000-7518F000 kernel.appcore.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74F90000-74F98000 VERSION.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    68CA0000-69450000 clr.dll (Microsoft Corporation),
                      version: 4.8.4075.0 built by: NET48REL1LAST
    68C80000-68C94000 VCRUNTIME140_CLR0400.dll (Microsoft Corporation),
                      version: 14.10.25028.0 built by: VCTOOLSD15RTM
    68BD0000-68C7B000 ucrtbase_clr0400.dll (Microsoft Corporation),
                      version: 14.10.25028.0 built by: VCTOOLSD15RTM
    677C0000-68BCE000 mscorlib.ni.dll (Microsoft Corporation),
                      version: 4.8.4075.0 built by: NET48REL1LAST
    75B10000-75C07000 ole32.dll (Microsoft Corporation),
                      version: 10.0.18362.113 (WinBuild.160101.0800)
    74940000-749BA000 uxtheme.dll (Microsoft Corporation),
                      version: 10.0.18362.449 (WinBuild.160101.0800)
    66D60000-677B5000 System.ni.dll (Microsoft Corporation),
                      version: 4.8.4001.0 built by: NET48REL1LAST_C
    66BB0000-66D53000 System.Drawing.ni.dll (Microsoft Corporation),
                      version: 4.8.3752.0 built by: NET48REL1
    66B20000-66BA9000 clrjit.dll (Microsoft Corporation),
                      version: 4.8.4075.0 built by: NET48REL1LAST
    75D90000-75E22000 OLEAUT32.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    65CB0000-66B16000 System.Windows.Forms.ni.dll (Microsoft Corporation),
                      version: 4.8.4042.0 built by: NET48REL1LAST_C
    65490000-65CA8000 System.Core.ni.dll (Microsoft Corporation),
                      version: 4.8.4075.0 built by: NET48REL1LAST
    652A0000-65482000 Microsoft.VisualBasic.ni.dll (Microsoft Corporation),
                      version: 14.8.3752.0 built by: NET48REL1
    75540000-75643000 MSCTF.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    69640000-69676000 BtMmHook.dll (Broadcom Corporation.),
                      version: 12.0.0.5000
    76DC0000-7733A000 SHELL32.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    75AB0000-75AEB000 cfgmgr32.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    76CD0000-76D54000 shcore.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    75FF0000-765B5000 windows.storage.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    76700000-76717000 profapi.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    76850000-76893000 powrprof.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    75170000-7517D000 UMPDC.dll (),
                      version:
    77420000-77433000 cryptsp.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    75650000-75656000 PSAPI.DLL (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74520000-74689000 gdiplus.dll (Microsoft Corporation),
                      version: 10.0.18362.535 (WinBuild.160101.0800)
    749C0000-749E5000 dwmapi.dll (Microsoft Corporation),
                      version: 10.0.18362.267 (WinBuild.160101.0800)
    6F540000-6F7C0000 DWrite.dll (Microsoft Corporation),
                      version: 10.0.18362.476 (WinBuild.160101.0800)
    65280000-6529D000 MusicBeeBass.dll (),
                      version:
    76D60000-76DBE000 WS2_32.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    65170000-65275000 System.Configuration.ni.dll (Microsoft Corporation),
                      version: 4.8.3752.0 built by: NET48REL1
    649F0000-65164000 System.Xml.ni.dll (Microsoft Corporation),
                      version: 4.8.3752.0 built by: NET48REL1
    75390000-753A9000 bcrypt.dll (Microsoft Corporation),
                      version: 10.0.18362.267 (WinBuild.160101.0800)
    74E00000-74E2F000 rsaenh.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    6D160000-6D2C9000 WindowsCodecs.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    699C0000-69A4D000 comctl32.dll (Microsoft Corporation),
                      version: 5.82 (WinBuild.160101.0800)
    6DC20000-6DCA4000 TextInputFramework.dll (Microsoft Corporation),
                      version: 10.0.18362.207 (WinBuild.160101.0800)
    6FFA0000-701FE000 CoreUIComponents.dll (Microsoft Corporation),
                      version: 10.0.18362.207
    72660000-726E9000 CoreMessaging.dll (Microsoft Corporation),
                      version: 10.0.18362.1
    6FEA0000-6FEC9000 ntmarta.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74260000-7433A000 wintypes.dll (Microsoft Corporation),
                      version: 10.0.18362.449 (WinBuild.160101.0800)
    72FF0000-73219000 iertutil.dll (Microsoft Corporation),
                      version: 11.00.18362.449 (WinBuild.160101.0800)
    728E0000-72AEF000 comctl32.DLL (Microsoft Corporation),
                      version: 6.10 (WinBuild.160101.0800)
    768A0000-76920000 clbcatq.dll (Microsoft Corporation),
                      version: 2001.12.10941.16384 (WinBuild.160101.080
    6FBE0000-6FC11000 dataexchange.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    6FA00000-6FBDE000 d3d11.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    6F890000-6F9F9000 dcomp.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    6F7C0000-6F881000 dxgi.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    70310000-70329000 dxcore.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74020000-74204000 twinapi.appcore.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74240000-7425F000 RMCLIENT.dll (Microsoft Corporation),
                      version: 10.0.18362.267 (WinBuild.160101.0800)
    6DA40000-6DBC3000 explorerframe.dll (Microsoft Corporation),
                      version: 10.0.18362.418 (WinBuild.160101.0800)
    6FED0000-6FF95000 PROPSYS.dll (Microsoft Corporation),
                      version: 7.0.18362.267 (WinBuild.160101.0800)
    72720000-7272B000 LINKINFO.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    6D970000-6D9D1000 ntshrui.dll (Microsoft Corporation),
                      version: 10.0.18362.329 (WinBuild.160101.0800)
    74FD0000-74FEC000 srvcli.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    6D960000-6D96E000 cscapi.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    727A0000-72811000 appresolver.dll (Microsoft Corporation),
                      version: 10.0.18362.356 (WinBuild.160101.0800)
    72750000-72795000 Bcp47Langs.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    72730000-72750000 SLC.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    74FA0000-74FBE000 USERENV.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    6DA20000-6DA3C000 sppc.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    6D8E0000-6D953000 policymanager.dll (Microsoft Corporation),
                      version: 10.0.18362.387 (WinBuild.160101.0800)
    6D870000-6D8D5000 msvcp110_win.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    64990000-649E7000 bass.dll (Un4seen Developments),
                      version: 2.4.14
    6DE40000-6DE59000 MSACM32.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    71AC0000-71AE4000 WINMM.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    70FD0000-70FF3000 winmmbase.dll (Microsoft Corporation),
                      version: 10.0.18362.1 (WinBuild.160101.0800)
    
    Process Trace
    1  C:\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.5.0_x86__kcr266et74avj\win32\MusicBee.exe [12300] 2020-01-12T09:39:10
    2  C:\Windows\explorer.exe [6040] 2020-01-12T08:27:07
    3  C:\Windows\System32\userinit.exe [5488] 2020-01-12T08:27:05 28.7s
    4  C:\Windows\System32\winlogon.exe [760] 2020-01-12T08:26:57
       winlogon.exe
    5  C:\Windows\System32\smss.exe [616] 2020-01-12T08:26:57 162ms
       \SystemRoot\System32\smss.exe 000000b8 00000084
    6  C:\Windows\System32\smss.exe [368] 2020-01-12T08:26:53
       \SystemRoot\System32\smss.exe
    
    Dropped Files
    1  C:\Users\Hannu\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VWAH1H9VT7GNJYRY1IAC.temp
         Dropped by \Device\HarddiskVolume1\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.5.0_x86__kcr266et74avj\win32\MusicBee.exe [12300]
    2  C:\Users\Hannu\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d014c0be50851f63.customDestinations-ms~RF42399d.TMP
         Dropped by \Device\HarddiskVolume1\Program Files\WindowsApps\50072StevenMayall.MusicBee_3.3.5.0_x86__kcr266et74avj\win32\MusicBee.exe [12300]
    
    Thumbprints
    9f1da9992559236d1f425ac8c06028db0d7bfe7d061253f9c0cb2d4627ffbf1b
    7a33ad00e22a53d91dd1a6f097fd37d9c8a9cd3bd512070eb7ce988aaf722733
     
    Last edited by a moderator: Jan 12, 2020
  25. Valdez

    Valdez Registered Member

    Joined:
    Apr 21, 2016
    Posts:
    50
    Location:
    Italien