HitmanPro.ALERT Support and Discussion Thread

When making the registry change to stop HMP.A autoupdate, I am reminding folks that per a response to the post linked by BoerenkoolMetWorst, users should be aware that a different situation may/will result if HMP.A is already offering you an update. Here is that post: https://www.wilderssecurity.com/thr...iscussion-thread.324841/page-612#post-2806694

Seemed like a good idea to point this out.

 

Log name: Application
Source: Application Error
Date: 24-11-2021 08:33:01
Event ID:1000
Task Category: (100)
Level:Error
Keywords: Classic
User: n/a
Computer: ****
Description:
Application name with error: hmpalert.exe, version: 3.8.18.921, timestamp: 0x618d224d
Module name with error: ntdll.dll, version: 10.0.19041.1288, timestamp: 0x027db076
Exception code: 0xc0000005
Error code: 0x00044e71
Id of process with error: 0x75c
Application start time with error: 0x01d7e103f8af4cc7
Path to application with error: C:³Program Files (x86)³HitmanPro.Alert.exe
Path to module with error: C:\WINDOWSYSTEM32\ntdll.dll
Rapport-id: 2cb0472b-a1c5-43ab-b806-294882f0cb11
Full package name with error:
Relative application id of package with error:

Translated with www.DeepL.com/Translator (free version)

 

Log name: Application
Source: Application Error
Date: 21-11-2021 16:47:40
Event ID:1000
Task Category: (100)
Level:Error
Keywords: Classic
User: n/a
Computer: ****
Description:
Application name with error: hmpalert.exe, version: 3.8.18.921, timestamp: 0x618d224d
Module name with error: CRYPT32.dll, version: 10.0.19041.1320, timestamp: 0xa1fbb410
Exception code: 0xc0000005
Error code: 0x00033917
Id of process with error: 0x75c
Application start time with error: 0x01d7deef143c5aeb
Path to application with error: C:³Program Files (x86)³HitmanPro.Alert.exe
Path to module with error: C:\WINDOWSystem32.dll
Rapport-id: 951a55b2-25b5-454e-b2d4-0ef91725a515
Full package name with error:
Relative application id of package with error:

Translated with www.DeepL.com/Translator (free version)

 

how can i manage my license ?
i wanna use a license on a inactive system for a new system
thx in advance

 

Hi, please contact support@hitmanpro.com and send your key so they can check the status.

 

So no Black Friday or Cyber Monday sales this year?

 

Doesn’t look like it. Sophos is having a 50% off sale but apparently just for Sophos labeled stuff.

 

HitmanPro.Alert 3.8.19 Build 923

Changelog (compared tot build 921):
Improved Game detection
Improved LockdownLoadImage whitlisting

Download
https://dl.surfright.nl/hmpalert3b923.exe

We'll also be auto-updating 921 and 907 users.
Please let us know how this version runs on your machine

 

Auto-updated two machines flawlessly.

 

Elder Scrolls Online still does not work.

Spoiler

Mitigation Kernel32Trap
Timestamp 2021-11-30T21:50:49

Platform 10.0.19043/x64 v923 06_3a
PID 9440
Feature 007D0A30000001A2
Application C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online\game\client\eso64.exe
Created 2021-11-27T13:46:19
Description ESO 1.0

Caller info: eso64.exe+0x201BBE2
Root owner module name : eso64.exe
00007FF6CCF9BBE2 488d4c2450 LEA RCX, [RSP+0x50]
00007FF6CCF9BBE7 488945d0 MOV [RBP-0x30], RAX
00007FF6CCF9BBEB e8f065ffff CALL 0x7ff6ccf921e0
00007FF6CCF9BBF0 488d05b9302400 LEA RAX, [RIP+0x2430b9]
00007FF6CCF9BBF7 41b842000000 MOV R8D, 0x42
00007FF6CCF9BBFD 4c8d0dfc302400 LEA R9, [RIP+0x2430fc]
00007FF6CCF9BC04 4889442420 MOV [RSP+0x20], RAX
00007FF6CCF9BC09 488d15d0ad2d00 LEA RDX, [RIP+0x2dadd0]
00007FF6CCF9BC10 488d4c2460 LEA RCX, [RSP+0x60]
00007FF6CCF9BC15 e87664ffff CALL 0x7ff6ccf92090
00007FF6CCF9BC1A 488bc8 MOV RCX, RAX
00007FF6CCF9BC1D e8fe65ffff CALL 0x7ff6ccf92220

Code thumbprint:6c078d45a7355122afb5c18fc9b134f0bffa25b03e181f6c7722125373acd2d3
Number of used instructions: 0x0000000c
OwnerModuleThumbprint: 891e955c64c8ad2fded57a8526dd7018ce72a2277787cc832b154325cbf6d21a

Stack Trace
# Address Module Location
-- ---------------- ------------------------ ----------------------------------------
1 00007FFCE44D0D33 hmpalert.dll +0x40d33

2 00007FF6CCF9BBE2 eso64.exe
488d4c2450 LEA RCX, [RSP+0x50]
488945d0 MOV [RBP-0x30], RAX
e8f065ffff CALL 0x7ff6ccf921e0
488d05b9302400 LEA RAX, [RIP+0x2430b9]
41b842000000 MOV R8D, 0x42
4c8d0dfc302400 LEA R9, [RIP+0x2430fc]
4889442420 MOV [RSP+0x20], RAX
488d15d0ad2d00 LEA RDX, [RIP+0x2dadd0]
488d4c2460 LEA RCX, [RSP+0x60]
e87664ffff CALL 0x7ff6ccf92090
488bc8 MOV RCX, RAX
e8fe65ffff CALL 0x7ff6ccf92220

3 00007FF6CCC1C003 eso64.exe
4 00007FF6CCC19C39 eso64.exe
5 00007FF6CB03E390 eso64.exe
6 00007FFCE493E473 ucrtbase.dll _initterm +0x43
7 00007FF6CCB23148 eso64.exe
8 00007FFCE60C7034 kernel32.dll BaseThreadInitThunk +0x14
9 00007FFCE7022651 ntdll.dll RtlUserThreadStart +0x21

Loaded Modules (56)
-----------------------------------------------------------------------------
00007FF6CAF80000-00007FF6CDA97000 eso64.exe (),
version: 1, 0, 0, 1
00007FFCE6FD0000-00007FFCE71C5000 ntdll.dll (Microsoft Corporation),
version: 10.0.19041.1288 (WinBuild.160101.0800)
00007FFCE4490000-00007FFCE45A6000 hmpalert.dll (SurfRight B.V.),
version: 3.8.19.923
00007FFCE60B0000-00007FFCE616E000 KERNEL32.dll (Microsoft Corporation),
version: 10.0.19041.1348 (WinBuild.160101.0800)
00007FFCE4AB0000-00007FFCE4D78000 KERNELBASE.dll (Microsoft Corporation),
version: 10.0.19041.1348 (WinBuild.160101.0800)
00007FFCE57D0000-00007FFCE57D8000 PSAPI.DLL (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCE63C0000-00007FFCE63F0000 IMM32.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCE54C0000-00007FFCE5661000 USER32.dll (Microsoft Corporation),
version: 10.0.19041.1202 (WinBuild.160101.0800)
00007FFCE48F0000-00007FFCE4912000 win32u.dll (Microsoft Corporation),
version: 10.0.19041.1320 (WinBuild.160101.0800)
00007FFCE5FB0000-00007FFCE5FDB000 GDI32.dll (Microsoft Corporation),
version: 10.0.19041.1202 (WinBuild.160101.0800)
00007FFCE4DE0000-00007FFCE4EEB000 gdi32full.dll (Microsoft Corporation),
version: 10.0.19041.1110 (WinBuild.160101.0800)
00007FFCE46F0000-00007FFCE478D000 msvcp_win.dll (Microsoft Corporation),
version: 10.0.19041.789 (WinBuild.160101.0800)
00007FFCE4920000-00007FFCE4A20000 ucrtbase.dll (Microsoft Corporation),
version: 10.0.19041.789 (WinBuild.160101.0800)
00007FFCE5D50000-00007FFCE5DFC000 ADVAPI32.dll (Microsoft Corporation),
version: 10.0.19041.1052 (WinBuild.160101.0800)
00007FFCE5730000-00007FFCE57CE000 msvcrt.dll (Microsoft Corporation),
version: 7.0.19041.546 (WinBuild.160101.0800)
00007FFCE6EF0000-00007FFCE6F8B000 sechost.dll (Microsoft Corporation),
version: 10.0.19041.906 (WinBuild.160101.0800)
00007FFCE6290000-00007FFCE63BA000 RPCRT4.dll (Microsoft Corporation),
version: 10.0.19041.1288 (WinBuild.160101.0800)
00007FFCE6580000-00007FFCE6CBF000 SHELL32.dll (Microsoft Corporation),
version: 10.0.19041.1320 (WinBuild.160101.0800)
00007FFCE5390000-00007FFCE54BA000 ole32.dll (Microsoft Corporation),
version: 10.0.19041.1202 (WinBuild.160101.0800)
00007FFCE5020000-00007FFCE5375000 combase.dll (Microsoft Corporation),
version: 10.0.19041.1348 (WinBuild.160101.0800)
00007FFCE6E00000-00007FFCE6ECD000 OLEAUT32.dll (Microsoft Corporation),
version: 10.0.19041.985 (WinBuild.160101.0800)
00007FFCE6040000-00007FFCE60AB000 WS2_32.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCE4FF0000-00007FFCE5017000 bcrypt.dll (Microsoft Corporation),
version: 10.0.19041.1023 (WinBuild.160101.0800)
00007FFCE57E0000-00007FFCE5C52000 SETUPAPI.dll (Microsoft Corporation),
version: 10.0.19041.1237 (WinBuild.160101.0800)
00007FFCE4EF0000-00007FFCE4F3E000 cfgmgr32.dll (Microsoft Corporation),
version: 10.0.19041.1151 (WinBuild.160101.0800)
00007FFCE4790000-00007FFCE48E6000 CRYPT32.dll (Microsoft Corporation),
version: 10.0.19041.1320 (WinBuild.160101.0800)
00007FFCE39A0000-00007FFCE39DB000 IPHLPAPI.DLL (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCDCC20000-00007FFCDCC2A000 VERSION.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCD8DF0000-00007FFCD8E17000 WINMM.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCC2D20000-00007FFCC2DD0000 granny2_x64.dll (),
version:
000000006FC50000-000000006FC8E000 steam_api64.dll (Valve Corporation),
version: 03.42.61.66
00007FFCC2CA0000-00007FFCC2D1D000 bink2w64.dll (RAD Game Tools, Inc.),
version: 2020.09
00007FFCBC410000-00007FFCBC49D000 MSVCP140.dll (Microsoft Corporation),
version: 14.29.30133.0 built by: vcwrkspc
00007FFCBC5E0000-00007FFCBC5EC000 VCRUNTIME140_1.dll (Microsoft Corporation),
version: 14.29.30133.0 built by: vcwrkspc
00007FFCBC3F0000-00007FFCBC40B000 VCRUNTIME140.dll (Microsoft Corporation),
version: 14.29.30133.0 built by: vcwrkspc
00007FFCD2F50000-00007FFCD2F59000 WSOCK32.dll (Microsoft Corporation),
version: 10.0.19041.1 (WinBuild.160101.0800)
00007FFCE1E60000-00007FFCE1E67000 XINPUT9_1_0.dll (Microsoft Corporation),
version: 10.0.19041.1 (WinBuild.160101.0800)
000000006FAE0000-000000006FC45000 icuuc55_x64.dll (The ICU Project),
version: 55, 1, 0, 0
000000006C0F0000-000000006C2ED000 icuin55_x64.dll (The ICU Project),
version: 55, 1, 0, 0
00007FFCB0E00000-00007FFCB1204000 D3DCOMPILER_47.dll (Microsoft Corporation),
version: 6.3.9600.16384 (winblue_rtm.130821-1623)
00007FFCDC6E0000-00007FFCDC7EC000 WINHTTP.dll (Microsoft Corporation),
version: 10.0.19041.1320 (WinBuild.160101.0800)
00000221FB030000-00000221FC8E8000 icudt55_x64.dll (The ICU Project),
version: 55, 1, 0, 0
00007FFCE3EC0000-00007FFCE3ECC000 CRYPTBASE.DLL (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCE4A20000-00007FFCE4AA3000 bcryptPrimitives.dll (Microsoft Corporation),
version: 10.0.19041.1348 (WinBuild.160101.0800)
00007FFCE6DA0000-00007FFCE6DF5000 Shlwapi.dll (Microsoft Corporation),
version: 10.0.19041.1023 (WinBuild.160101.0800)
00007FFCB78E0000-00007FFCB7926000 bthprops.cpl (Microsoft Corporation),
version: 10.0.19041.388 (WinBuild.160101.0800)
00007FFCE63F0000-00007FFCE649D000 SHCORE.dll (Microsoft Corporation),
version: 10.0.19041.1320 (WinBuild.160101.0800)
00007FFCE4300000-00007FFCE4334000 DEVOBJ.dll (Microsoft Corporation),
version: 10.0.19041.1151 (WinBuild.160101.0800)
00007FFCC30D0000-00007FFCC336A000 comctl32.dll (Microsoft Corporation),
version: 6.10 (WinBuild.160101.0800)
00007FFCDCEA0000-00007FFCDCED7000 BluetoothApis.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCE5380000-00007FFCE5388000 NSI.dll (Microsoft Corporation),
version: 10.0.19041.610 (WinBuild.160101.0800)
00007FFCDE430000-00007FFCDE44D000 dhcpcsvc.DLL (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCE45E0000-00007FFCE4611000 SspiCli.dll (Microsoft Corporation),
version: 10.0.19041.1266 (WinBuild.160101.0800)
00007FFCE4D80000-00007FFCE4DE0000 Wintrust.dll (Microsoft Corporation),
version: 10.0.19041.1266 (WinBuild.160101.0800)
00007FFCE40E0000-00007FFCE40F2000 MSASN1.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
00007FFCD97C0000-00007FFCD99A4000 DbgHelp.dll (Microsoft Corporation),
version: 10.0.19041.867 (WinBuild.160101.0800)

Process Trace
1 C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online\game\client\eso64.exe [9440]
"C:\Program Files (x86)\Zenimax Online\The Elder Scrolls Online\game\client\eso64.exe" Language.2=de viewer_id= onetime_token= product_id=215828 is_steam=
2 C:\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
3 C:\Windows\explorer.exe [7464]

Dropped Files
1 C:\PROGRAM FILES (X86)\ZENIMAX ONLINE\LAUNCHER\HOST.DEVELOPER.LOG
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
2 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\061b8d0af8fa3d892fdc9723a00d5d6ccff18f5a.patchmanifest.partial
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
3 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\a9dd6ff070f316b1e0ae1d082da204d7bf300c19.patchmanifest.partial
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
4 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\aebfd59d00cc111cfe164faba2a8e3663b221809.patchmanifest.partial
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
5 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\ba64b60aadecb38544f285f42442ba51ec7099bd.patchmanifest.partial
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
6 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\d82983e3fa3c13c6d21a9ff9fe43d18c7daba657.patchmanifest.partial
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
7 C:\Program Files (x86)\Zenimax Online\Launcher\ProgramData\Host.dc170dba81ddf1d6d35f51b7e692cc50f4a4ccba\ceac5cd22c9d6bb3644585fbf70a2dacf6d485a0.patchmanifest.partial
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
Read by \Device\HarddiskVolume7\Program Files (x86)\Zenimax Online\Launcher\Bethesda.net_Launcher.exe [14908]
1 C:\Users\marti\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x00000000000006e8.db
Dropped by \Device\HarddiskVolume7\Windows\explorer.exe [7464]
2 C:\Users\marti\AppData\Local\Microsoft\Windows\Explorer\NotifyIcon\Microsoft.Explorer.Notification.{A137E124-24B0-E4B8-1C9B-70319DF8FBF2}.png
Dropped by \Device\HarddiskVolume7\Windows\explorer.exe [7464]

Thumbprints
b38f2892575768829e31c30d56ded8f7eebb273d322beada3fc4bfeabb58b317
6c078d45a7355122afb5c18fc9b134f0bffa25b03e181f6c7722125373acd2d3 (code)
891e955c64c8ad2fded57a8526dd7018ce72a2277787cc832b154325cbf6d21a (ownermodule)

 

Please have a look here, this would have triggered on previous builds also because they use weird programming hence triggering our KernelTrap

https://hitmanpro.zendesk.com/hc/en...ware-blocks-an-application-that-I-want-to-use

 

I had already tried to suppress the alert on version 921, but that had not worked, Hitman stops the ESO application every time again.
I simply added the eso64.exe to the exclusions again. I had removed it only for testing in version 923. So no problem actually.

 

Okay, looks like it creates more than one unique thumbprint for this alert then.

 

Auto-updated to build 923. No problems so far.

 

Another failed update, so I could investigate:

For me the hmpalert_update.exe is not in %APPDATA%\Local\Temp, but in Z:\Temp (as set in the TEMP variable) and Z: is my RAM disk...

 

Automic update, No problem.
Automatikus frissítés, nincs probléma.

 

In ESET Smart Security Premium (15.0.18.0) I have enabled browser protection for all browsers. No conflict with HitmanPro.Alert (3.8.19 build 923) Firefox 94.0.2.

1. My question is, is this normal operation? Does HitmanPro.Alert protect my browsing?

2. On the other hand, it seems to work in ESET's protected browser too. Is it working properly here? It did not work at ESET Internet Security.

3. If there is some serious malware threat, won't there be a collision between them (ESET-HitmanPro.Alert)? This is usually the main problem in such cases.


Másrészt úgy tűnik, hogy az ESET védett böngészőjében is működik. Itt rendesen működik?

 

After notification that the PC needed to be rebooted to install the latest version 3.8.19 build 923.
Restarted the pc and encountered no problems.

Windows 11 version 21H2 Build 22000.348
AV: Emsisoft Anti-malware

 

Automatic update on 2 machines, no problems.

 

Automatic update yesterday. All good here.

 

923 seems to be working OK, but the repeated reminders to reboot are annoying as h3!!. And they disrupt my work flow. It's particularly irksome when I'm on a roll on a difficult project and the stupid thing keeps interrupting me.

There needs to be a simple (GUI) way to tell these reminders to bug off already.

Avast used to have (maybe they still do) a neat option offering several choices of when to reboot after an update: one of them was "next century."

 

This ^^^

 

Spoiler: Brave Update Blocked

Mitigation APCViolation
Timestamp 2021-12-01T20:13:37

Platform 10.0.19044/x64 v923 06_5e
PID 3168
WoW x86
Feature 007D0A30000001A6
Application C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe
Created 2021-12-01T01:34:24
Description BraveSoftware Update 1.3

APC intercepted:
Owner of APC-func: <-UNKNOWN->
001E0000 83ec08 SUB ESP, 0x8
001E0003 0fb7442414 MOVZX EAX, WORD [ESP+0x14]
001E0008 66890424 MOV [ESP], AX
001E000C 6689442402 MOV [ESP+0x2], AX
001E0011 8b442410 MOV EAX, [ESP+0x10]
001E0015 89442404 MOV [ESP+0x4], EAX
001E0019 8d442414 LEA EAX, [ESP+0x14]
001E001D 50 PUSH EAX
001E001E 8d442404 LEA EAX, [ESP+0x4]
001E0022 50 PUSH EAX
001E0023 6a00 PUSH 0x0
001E0025 6a00 PUSH 0x0
001E0027 ff54241c CALL DWORD [ESP+0x1c]
001E002B 83c408 ADD ESP, 0x8
001E002E c20c00 RET 0xc
001E0031 43 INC EBX

----- SNIP HERE -----
AAMBAQAAHgAAAB4AAAAeAAAQAACD7AgPt0QkFGaJBCRmiUQkAotEJBCJRCQEjUQkFFCNRCQEUGoAagD/VCQcg8QIwgwAQwA6AFwAUAByAG8AZwByAGEAbQAgAEYAaQBsAGUAcwAgACgAeAA4ADYAKQBcAFcAaQBzAGUAVgBlAGMAdABvAHIAXABXAGkAcwBlAFYAZQBjAHQAbwByAEgAZQBsAHAAZQByAE8AbgBlAF8AWAA4ADYALgBkAGwAbAEAAAEAAAEAAAEAAAEAAAEAAAEAAAEAAAEAAAEAAAEAAAEAAAEAAAEAAAEAAAFWAA==
----- END SNIP -----

Loaded Modules (29)
-----------------------------------------------------------------------------
006B0000-006FC000 BraveCrashHandler.exe (BraveSoftware Inc.),
version: 1.3.361.111
77D30000-77ED3000 ntdll.dll (Microsoft Corporation),
version: 10.0.19041.1288 (WinBuild.160101.0800)
77AB0000-77BA0000 KERNEL32.dll (Microsoft Corporation),
version: 10.0.19041.1348 (WinBuild.160101.0800)
74EF0000-75003000 hmpalert.dll (SurfRight B.V.),
version: 3.8.19.923
768E0000-76AF4000 KERNELBASE.dll (Microsoft Corporation),
version: 10.0.19041.1387 (WinBuild.160101.0800)
748E0000-74948000 UMEngx86.dll (Broadcom),
version: 12.3.0.69
75BF0000-75D90000 USER32.dll (Microsoft Corporation),
version: 10.0.19041.1387 (WinBuild.160101.0800)
76DA0000-76DB8000 win32u.dll (Microsoft Corporation),
version: 10.0.19041.1387 (WinBuild.160101.0800)
77710000-77734000 GDI32.dll (Microsoft Corporation),
version: 10.0.19041.1202 (WinBuild.160101.0800)
77740000-7781E000 gdi32full.dll (Microsoft Corporation),
version: 10.0.19041.1387 (WinBuild.160101.0800)
775A0000-7761B000 msvcp_win.dll (Microsoft Corporation),
version: 10.0.19041.789 (WinBuild.160101.0800)
766D0000-767F0000 ucrtbase.dll (Microsoft Corporation),
version: 10.0.19041.789 (WinBuild.160101.0800)
77CA0000-77D1A000 ADVAPI32.dll (Microsoft Corporation),
version: 10.0.19041.1052 (WinBuild.160101.0800)
779A0000-77A5F000 msvcrt.dll (Microsoft Corporation),
version: 7.0.19041.546 (WinBuild.160101.0800)
77380000-773F5000 sechost.dll (Microsoft Corporation),
version: 10.0.19041.906 (WinBuild.160101.0800)
76C90000-76D4F000 RPCRT4.dll (Microsoft Corporation),
version: 10.0.19041.1288 (WinBuild.160101.0800)
77620000-77703000 ole32.dll (Microsoft Corporation),
version: 10.0.19041.1202 (WinBuild.160101.0800)
75E80000-76101000 combase.dll (Microsoft Corporation),
version: 10.0.19041.1348 (WinBuild.160101.0800)
76110000-766C6000 SHELL32.dll (Microsoft Corporation),
version: 10.0.19041.1387 (WinBuild.160101.0800)
778C0000-77905000 SHLWAPI.dll (Microsoft Corporation),
version: 10.0.19041.1023 (WinBuild.160101.0800)
75BA0000-75BB3000 NETAPI32.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
754E0000-75505000 USERENV.dll (Microsoft Corporation),
version: 10.0.19041.572 (WinBuild.160101.0800)
754D0000-754D8000 VERSION.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
75B70000-75B7B000 NETUTILS.DLL (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
74860000-74870000 WKSCLI.DLL (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
74E50000-74EEE000 0patchLoader.dll (Acros Security),
version: 21.05.05.10500
74CC0000-74E48000 dbghelp.dll (Microsoft Corporation),
version: 10.0.19041.1052 (WinBuild.160101.0800)
74C90000-74CB6000 dbgcore.DLL (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)
74C60000-74C89000 ntmarta.dll (Microsoft Corporation),
version: 10.0.19041.546 (WinBuild.160101.0800)

Process Trace
1 C:\Program Files (x86)\BraveSoftware\Update\1.3.361.111\BraveCrashHandler.exe [3168]
2 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [13656]
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /c
3 C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [14320]
"C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe" /svc
4 C:\Windows\System32\services.exe [544]
5 C:\Windows\System32\wininit.exe [900]
wininit.exe

Dropped Files

Thumbprints
54546eccab051b4032667a73c427de7b0cece216c8233540aef90a1fae5363b4
eace90517eb4a8ca7dde2a39fa4fb4ddd6094f112c8b997e0c2bb3bf044f54c6 (code)
0939473d77aac740c15535526e0ad221a03aa3e79a78f35b10d7e24fcea522c8 (pfn)

 

CookieGuard-mitigation with Vivaldi 4.3 and HitmanPro.Alert build 923. Btw Vivaldi was installed on a ramdisk for testpurposes.

 

That's a gift of Wisevector they seem to 'use' APC to inject their DLL.