HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Richard981

    Richard981 Suspended Member

    Joined:
    Aug 21, 2020
    Posts:
    14
    Location:
    Canada
    Honestly though, Chrome is also bloatware - somehow it's the best browser and the most bloated at the same time - weird - I do not use it though.
     
  2. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I still can't turn anti malware on and cloud protection is still offline.
     
  3. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    I tried to download the setup for build 887; the file downloaded from Sophos' website just opens the UI of HMP.A.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Can HitmanPro.Alert protect against keyloggers like KeyScrambler? Thanks.
     
  5. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Yes. It can protect against them by keystroke encryption. Turn on sticky notifications to see it working.
     
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks. Can you send an image to see? Thanks.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    So I may not need KeyScrambler then. Nice.
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    IIRC: HMPA encrypts what is typed in a browser.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thanks and other apps? Whasup?
     
  10. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    Here is a test.
    Look at the lower right. (Excuse the adguard shield.)
    ScreenShot_20201210233622.png
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Is it set up by default to see pop ups?
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Beautiful thanks
     
  13. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    3,336
    Location:
    Location Unknown
    I do not remember, but if you click on sticky notifications in the main GUI you can enable them.

     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thank you
     
  15. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    Other people may have answered this already. HMP.A can protect the keystrokes that you put into applications that it has been set to protect.

    And by the way, you still need antivirus to go with it. HMP.A protects against a lot of stuff, namely exploits and other things that exploits would take advantage of. It doesn't stop conventional malware that the user would be tricked into downloading.
     
  16. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    Thank you for making me aware of that. Now I can know at a glance exactly which applications have what protection.
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I have Webroot too.
     
  18. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    487
    Location:
    VPN city
    Okay. That's more of a reactive product, but as long as you got one to go along with HMP.A you should be fine. See my signature. PM me about my setup if you're so inclined.
     
  19. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Thank you
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    HMPA 3.8.8 build 889 and MiTeC System Information X?

    HeapHeapProtect

    The application, one of its loaded modules, or another process, has attempted to allocate memory with executable permissions to introduce additional code not part of the base program.

    MITRE ATT&CK

    Supply Chain Compromise - ID: T1195, Tactic: Initial Access

    Code:
    Mitigation   HeapHeapProtect
    Timestamp    2020-12-11T11:17:48
    
    Platform     10.0.19042/x64 v889 06_8e
    PID          20752
    Feature      003D0A30000001A2
    Application  D:\Portable Applications\MiTec\System Information X\MSIX64.exe
    Created      2020-12-11T11:17:04
    Description  MiTeC System Information X 4
    
    Callee Type  AllocateVirtualMemory
    
    Shellcode (HHA) (0x00006000 bytes)
    Owner of CALLER: (anonymous; allocated by 0000000000CD8E9E, MSIX64.exe)
    
    OwnerModule
    Name         MSIX64.exe
    Thumbprint   fce89e87fa4408cbb97263c3fbf02e7ea7bf5cae0349631ded5b45d1f9561503
    SHA-256      be71774724abac46eae116883b8670c4d70592ae95d2409a2884af0b5dc3bfaf
    SHA-1        c6ff05abc8435e10a3d9f389a5323e7acce3cef7
    MD5          24c6eb102eca1e1b059b5c721a311a7e
    
    00000000028AC424  ff9720020000             CALL         QWORD [RDI+0x220]
    00000000028AC42A  eb02                     JMP          0x28ac42e
    00000000028AC42C  a34585c070fae9adfb       MOV          [0xfbade9fa70c08545], EAX
    
    
    Stack Trace
    #  Address          Module                   Location
    -- ---------------- ------------------------ ----------------------------------------
    1  00007FFF4436FA28 KernelBase.dll           VirtualAlloc +0x48
    
    2  00000000028AC42A (anonymous; MSIX64.exe)
                        eb02                     JMP          0x28ac42e
    
    
    Loaded Modules (28)
    -----------------------------------------------------------------------------
    0000000000400000-0000000000CDD000 MSIX64.exe (MiTeC),
                                      version: 4.0.0.0
    00007FFF46BD0000-00007FFF46DC6000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF440C0000-00007FFF441C0000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.8.8.889
    00007FFF46700000-00007FFF467BD000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF44310000-00007FFF445D9000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF46990000-00007FFF46B30000 user32.dll (Microsoft Corporation),
                                      version: 10.0.19041.685 (WinBuild.160101.0800)
    00007FFF44870000-00007FFF44892000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF45F70000-00007FFF45F9A000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.19041.685 (WinBuild.160101.0800)
    00007FFF448A0000-00007FFF449A9000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.19041.685 (WinBuild.160101.0800)
    00007FFF44B60000-00007FFF44BFD000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FFF449B0000-00007FFF44AB0000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FFF467D0000-00007FFF4687C000 advapi32.dll (Microsoft Corporation),
                                      version: 10.0.19041.610 (WinBuild.160101.0800)
    00007FFF46410000-00007FFF464AE000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.19041.546 (WinBuild.160101.0800)
    00007FFF45A50000-00007FFF45AEC000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF44DE0000-00007FFF44F0B000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF44F30000-00007FFF45672000 shell32.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF456F0000-00007FFF45720000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FFF1EA40000-00007FFF1EAEF000 a2hooks64.dll (Emsisoft Ltd),
                                      version: 2019.02.0.1903
    00007FFF42F50000-00007FFF42F83000 ntmarta.dll (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FFF3EF50000-00007FFF3F6E5000 windows.storage.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF45B60000-00007FFF45EB6000 combase.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF43BB0000-00007FFF43BDC000 Wldp.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF45EC0000-00007FFF45F6E000 SHCORE.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF459F0000-00007FFF45A45000 shlwapi.dll (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FFF44240000-00007FFF44266000 profapi.dll (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FFF3E700000-00007FFF3E79E000 uxtheme.dll (Microsoft Corporation),
                                      version: 10.0.19041.610 (WinBuild.160101.0800)
    00007FFF45720000-00007FFF45836000 MSCTF.dll (Microsoft Corporation),
                                      version: 10.0.19041.662 (WinBuild.160101.0800)
    00007FFF45920000-00007FFF459ED000 OLEAUT32.dll (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    
    Process Trace
    1  D:\Portable Applications\MiTec\System Information X\MSIX64.exe [20752] 2020-12-11T11:17:48
    2  C:\Windows\explorer.exe [7324] 2020-12-10T16:53:04
    3  C:\Windows\System32\userinit.exe [7424] 2020-12-10T16:52:59 30.8s
    4  C:\Windows\System32\winlogon.exe [988] 2020-12-10T16:52:43
       winlogon.exe
    5  C:\Windows\System32\smss.exe [868] 2020-12-10T16:52:43 81ms
       \SystemRoot\System32\smss.exe 00000080 00000084
    
    Services
    868  NgcCtnrSvc
    
    Dropped Files
    1  C:\Users\pauld\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
         Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [7324]
    2  C:\Users\pauld\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1920_1080_POS1.jpg
         Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [7324]
            Read by \Device\HarddiskVolume5\Windows\explorer.exe [7324]
    3  D:\Portable Applications\MiTec\System Information X\MSIX64.exe
         Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [7324]
            Read by \Device\HarddiskVolume5\Program Files\Emsisoft Anti-Malware\a2service.exe [2068]
                    \Device\HarddiskVolume5\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2772]
                    \Device\HarddiskVolume6\Portable Applications\MiTec\System Information X\MSIX64.exe [20752]
                    \Device\HarddiskVolume6\Portable Applications\MiTec\System Information X\MSIX64.exe [24284]
    4  D:\Portable Applications\MiTec\System Information X\GetSys64.exe
         Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [7324]
    
    Thumbprints
    b1a16f8b6836260284ce404964a93a903efdebc192070541b608edfe49139a1d (code)
    fce89e87fa4408cbb97263c3fbf02e7ea7bf5cae0349631ded5b45d1f9561503 (ownermodule)
    35e8e4011e58010d30275d1af87f9e297492c3e278b597f9663485d847461758 (pfn)
    
    Edit: Posted link in Beta thread, where it should be.
     
    Last edited: Dec 12, 2020
  21. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    I believe that mail clients should also be protected.
     
  22. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    They are, can you elaborate a bit more on what kind of protection you are talking about?
     
  23. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    I don't think Thunderbird is in any protection. I don't know of any other mail clients.
     
  24. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I have Thunderbird added to my Browser category, under Exploit Mitigations.
     
  25. solitarios

    solitarios Registered Member

    Joined:
    Mar 28, 2016
    Posts:
    230
    Yes, but not by default; by adding it.
     