HitmanPro.Alert BETA

@RonnyT I installed it and after rebooting I had two blue screens.




I uninstalled it and everything went back to normal.

 

No problems upgrading build 911.

Win10 21H1 build 19043.1165

 

Manually installed, no problem: Win 10 x64 Pro v21H1 19043.1202.

 

Manually upgrading no problems,

Windows 10 Pro versie 21H1.

 

I forgot to ask, did you address any of the issues that I reported? And what about the "Unexpected system calls" feature, will this make a comeback, or is it simply too tricky to implement this.

 

If only we had unlimited resources
Yes SYSCALL will return, it just needs a bit more attention before we can roll that again.

 

It seems the root cause for the crash isn't our code, it might however be that with your setup we push something over a boundary that causes the network driver to show this behavior.

But are you saying this runs fine on build 907 and not with 911?

 

I rebooted with version 911 and got several blue screens this with the previous version I could not fully test but when upgraded to version 907 and rebooted I had no problems. This rebooting with version 911 and getting blue screens with the network driver happened to me several times. I have a cheap adapter with their unsigned driver downloaded from their official site and it is a tl-wn725n. Maybe they can reproduce the problem so I can fix it and if you need more information like logs or something similar I am at your disposal. Thank you very much.

Translated with DeepLcom/Translator (free version)

 

Can you share the memory.dmp (via private message) so we can have a look, it's weird that 907 works fine and 911 seems to push things over the edge.

 

Done.

 

LOL good one, you should ask Sophos for more resources LOL. Because it's all about the details and I know HMPA is being used to gather feedback for the Sophos Intercept X product, so would be nice if you could add or fix this stuff. And nice to know that SYSCALL will be coming back. And I see that you guys added a mitigation for some IE exploit (CVE-2021-40444), people who are still using IE are asking for trouble, wouldn't spend much time on it LOL.

 

Well the CVE was collateral damage, we where already in the process of adding this to lockdown due to being abused in the wild to compromise machines via Office files.

The IE part sounds nice but that's not how Windows and/or Office works, they use shared modules so even if you bork IE this exploit will still work.

 

Manually upgraded a couple of days ago and everything is running well.

 

Actually, my bad. I don't know what happened but I now see that this stuff is not so much related to IE but to MS Office, so yes then it's important to add mitigations against this.

 

Code:

Mitigation   Lockdown
Timestamp    2021-10-02T10:38:20

Platform     10.0.19043/x64 v911 06_8e
PID          29380
WoW          x86
Feature      007D0A36000001B6
Application  C:\Users\pauld\AppData\Local\WhatsApp\Update.exe
Created      2021-09-01T08:50:42
Description  Update.exe

Filename     C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\WhatsApp.exe
Created By   C:\Users\pauld\AppData\Local\WhatsApp\Update.exe

Command line:
"C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\WhatsApp.exe" --squirrel-updated 2.2138.13

Loaded Modules (81)
-----------------------------------------------------------------------------
00C50000-00E7A000 Update.exe (GitHub),
                  version: 1.9.1.0
77E30000-77FD3000 ntdll.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
77700000-777F0000 KERNEL32.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
74770000-747C2000 MSCOREE.DLL (Microsoft Corporation),
                  version: 10.0.19041.1 (WinBuild.160101.0800)
76A00000-76C15000 KERNELBASE.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
74F30000-75042000 hmpalert.dll (SurfRight B.V.),
                  version: 3.8.15.911
695A0000-69628000 a2hooks32.dll (Emsisoft Ltd),
                  version: 2019.02.0.1903
77A50000-77BF1000 USER32.dll (Microsoft Corporation),
                  version: 10.0.19041.1237 (WinBuild.160101.0800)
76E40000-76E58000 win32u.dll (Microsoft Corporation),
                  version: 10.0.19041.1237 (WinBuild.160101.0800)
76130000-76154000 GDI32.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
76480000-7655C000 gdi32full.dll (Microsoft Corporation),
                  version: 10.0.19041.1110 (WinBuild.160101.0800)
76CD0000-76D4B000 msvcp_win.dll (Microsoft Corporation),
                  version: 10.0.19041.789 (WinBuild.160101.0800)
76360000-76480000 ucrtbase.dll (Microsoft Corporation),
                  version: 10.0.19041.789 (WinBuild.160101.0800)
762E0000-7635A000 ADVAPI32.dll (Microsoft Corporation),
                  version: 10.0.19041.1052 (WinBuild.160101.0800)
77C60000-77D1F000 msvcrt.dll (Microsoft Corporation),
                  version: 7.0.19041.546 (WinBuild.160101.0800)
77560000-775D5000 sechost.dll (Microsoft Corporation),
                  version: 10.0.19041.906 (WinBuild.160101.0800)
76220000-762DF000 RPCRT4.dll (Microsoft Corporation),
                  version: 10.0.19041.1081 (WinBuild.160101.0800)
76E60000-77413000 SHELL32.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
769A0000-769C5000 IMM32.DLL (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
742C0000-742E9000 ntmarta.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
75650000-75C58000 windows.storage.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
75DF0000-76071000 combase.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
75620000-75644000 Wldp.dll (Microsoft Corporation),
                  version: 10.0.19041.662 (WinBuild.160101.0800)
75D60000-75DE7000 SHCORE.dll (Microsoft Corporation),
                  version: 10.0.19041.1023 (WinBuild.160101.0800)
77510000-77555000 shlwapi.dll (Microsoft Corporation),
                  version: 10.0.19041.1023 (WinBuild.160101.0800)
75600000-75618000 profapi.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
74560000-745ED000 mscoreei.dll (Microsoft Corporation),
                  version: 4.8.4180.0 built by: NET48REL1LAST_B
755A0000-755AF000 kernel.appcore.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
755C0000-755C8000 VERSION.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
737F0000-73FA1000 clr.dll (Microsoft Corporation),
                  version: 4.8.4400.0 built by: NET48REL1LAST_C
743A0000-743B4000 VCRUNTIME140_CLR0400.dll (Microsoft Corporation),
                  version: 14.10.25028.0 built by: VCTOOLSD15RTM
742F0000-7439B000 ucrtbase_clr0400.dll (Microsoft Corporation),
                  version: 14.10.25028.0 built by: VCTOOLSD15RTM
721C0000-735CE000 mscorlib.ni.dll (Microsoft Corporation),
                  version: 4.8.4400.0 built by: NET48REL1LAST_C
76D50000-76E33000 ole32.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
760D0000-7612F000 bcryptPrimitives.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
72130000-721BA000 clrjit.dll (Microsoft Corporation),
                  version: 4.8.4400.0 built by: NET48REL1LAST_C
76160000-761F6000 OLEAUT32.dll (Microsoft Corporation),
                  version: 10.0.19041.985 (WinBuild.160101.0800)
057A0000-061F6000 System.ni.dll (Microsoft Corporation),
                  version: 4.8.4360.0 built by: NET48REL1LAST_C
70E10000-71628000 System.Core.ni.dll (Microsoft Corporation),
                  version: 4.8.4390.0 built by: NET48REL1LAST_C
6E170000-6E58B000 WindowsBase.ni.dll (Microsoft Corporation),
                  version: 4.8.4390.0 built by: NET48REL1LAST_C
754D0000-754E3000 CRYPTSP.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
754A0000-754CF000 rsaenh.dll (Microsoft Corporation),
                  version: 10.0.19041.1052 (WinBuild.160101.0800)
769E0000-769F9000 bcrypt.dll (Microsoft Corporation),
                  version: 10.0.19041.1023 (WinBuild.160101.0800)
75490000-7549A000 CRYPTBASE.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
6D530000-6E170000 PresentationCore.ni.dll (Microsoft Corporation),
                  version: 4.8.4390.0 built by: NET48REL1LAST_C
6C130000-6D528000 PresentationFramework.ni.dll (Microsoft Corporation),
                  version: 4.8.4390.0
6BF20000-6C123000 System.Xaml.ni.dll (Microsoft Corporation),
                  version: 4.8.4390.0 built by: NET48REL1LAST_C
65730000-65940000 dwrite.dll (Microsoft Corporation),
                  version: 10.0.19041.1165 (WinBuild.160101.0800)
65A30000-65BBD000 wpfgfx_v0400.dll (Microsoft Corporation),
                  version: 4.8.4390.0 built by: NET48REL1LAST_C
656C0000-6572B000 MSVCP140_CLR0400.dll (Microsoft Corporation),
                  version: 14.10.25028.0 built by: VCTOOLSD15RTM
655D0000-656B3000 PresentationNative_v0400.dll (Microsoft Corporation),
                  version: 4.8.4390.0 built by: NET48REL1LAST_C
75CE0000-75D5E000 clbcatq.dll (Microsoft Corporation),
                  version: 2001.12.10941.16384 (WinBuild.160101.080
5ADB0000-5BB7E000 System.Web.ni.dll (Microsoft Corporation),
                  version: 4.8.4330.0 built by: NET48REL1LAST_B
70D00000-70E06000 System.Configuration.ni.dll (Microsoft Corporation),
                  version: 4.8.4190.0 built by: NET48REL1LAST_B
70580000-70CF4000 System.Xml.ni.dll (Microsoft Corporation),
                  version: 4.8.4084.0 built by: NET48REL1
5C7D0000-5C85D000 webengine4.dll (Microsoft Corporation),
                  version: 4.8.4330.0 built by: NET48REL1LAST_B
777F0000-777F6000 PSAPI.DLL (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
755D0000-755F5000 USERENV.dll (Microsoft Corporation),
                  version: 10.0.19041.572 (WinBuild.160101.0800)
745F0000-746D1000 rasapi32.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
70420000-7044B000 rasman.dll (Microsoft Corporation),
                  version: 10.0.19041.1081 (WinBuild.160101.0800)
743E0000-743F1000 rtutils.dll (Microsoft Corporation),
                  version: 10.0.19041.1165 (WinBuild.160101.0800)
77640000-776A3000 WS2_32.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
75140000-75192000 mswsock.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
75260000-75328000 winhttp.dll (Microsoft Corporation),
                  version: 10.0.19041.1151 (WinBuild.160101.0800)
754F0000-75522000 IPHLPAPI.DLL (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
769D0000-769D7000 NSI.dll (Microsoft Corporation),
                  version: 10.0.19041.610 (WinBuild.160101.0800)
75240000-75254000 dhcpcsvc6.DLL (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
75220000-75236000 dhcpcsvc.DLL (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
75090000-75121000 DNSAPI.dll (Microsoft Corporation),
                  version: 10.0.19041.1151 (WinBuild.160101.0800)
75130000-75138000 WINNSI.DLL (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
75080000-75088000 rasadhlp.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
735D0000-73628000 fwpuclnt.dll (Microsoft Corporation),
                  version: 10.0.19041.964 (WinBuild.160101.0800)
743C0000-743CA000 secur32.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
753E0000-75401000 SSPICLI.DLL (Microsoft Corporation),
                  version: 10.0.19041.906 (WinBuild.160101.0800)
66480000-664F8000 schannel.dll (Microsoft Corporation),
                  version: 10.0.19041.789 (WinBuild.160101.0800)
66470000-66480000 mskeyprotect.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
73FC0000-73FE8000 NTASN1.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
74020000-74041000 ncrypt.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
66450000-6646F000 ncryptsslp.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
77D20000-77E1A000 crypt32.dll (Microsoft Corporation),
                  version: 10.0.19041.1202 (WinBuild.160101.0800)
755B0000-755BE000 MSASN1.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)

Process Trace
1  C:\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
C:\Users\pauld\AppData\Local\WhatsApp\Update.exe --update https://web.whatsapp.com/desktop/windows/release/x64?version=2.2134.10&beta=true
2  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2134.10\WhatsApp.exe [24612]

Dropped Files
1  C:\Users\pauld\AppData\Local\WhatsApp\packages\WhatsApp-2.2138.13-full.nupkg
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
        Read by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
2  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\chrome_100_percent.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
3  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\chrome_100_percent.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
4  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\chrome_200_percent.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
5  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\chrome_200_percent.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
6  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\d3dcompiler_47.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
7  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\d3dcompiler_47.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
8  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\ffmpeg.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
9  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\ffmpeg.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
10 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\icudtl.dat.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
11 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\icudtl.dat.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
12 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\libEGL.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
13 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\libEGL.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
14 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\libGLESv2.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
15 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\libGLESv2.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
16 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\LICENSE.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
17 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\LICENSE.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
18 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\am.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
19 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\am.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
20 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ar.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
21 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ar.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
22 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\bg.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
23 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\bg.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
24 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\bn.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
25 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\bn.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
26 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ca.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
27 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ca.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
28 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\cs.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
29 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\cs.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
30 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\da.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
31 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\da.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
32 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\de.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
33 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\de.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
34 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\el.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
35 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\el.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
36 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\en-GB.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
37 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\en-GB.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
38 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\en-US.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
39 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\en-US.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
40 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\es-419.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
41 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\es-419.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
42 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\es.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
43 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\es.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
44 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\et.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
45 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\et.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
46 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\fa.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
47 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\fa.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
48 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\fi.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
49 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\fi.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
50 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\fil.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
51 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\fil.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
52 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\fr.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
53 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\fr.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
54 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\gu.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
55 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\gu.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
56 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\he.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
57 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\he.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
58 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\hi.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
59 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\hi.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
60 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\hr.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
61 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\hr.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
62 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\hu.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
63 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\hu.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
64 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\id.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
65 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\id.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
66 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\it.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
67 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\it.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
68 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ja.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
69 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ja.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
70 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\kn.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
71 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\kn.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
72 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ko.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
73 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ko.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
74 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\lt.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
75 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\lt.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
76 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\lv.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
77 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\lv.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
78 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ml.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
79 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ml.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
80 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\mr.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
81 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\mr.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
82 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ms.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
83 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ms.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
84 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\nb.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
85 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\nb.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
86 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\nl.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
87 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\nl.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
88 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\pl.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
89 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\pl.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
90 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\pt-BR.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
91 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\pt-BR.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
92 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\pt-PT.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
93 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\pt-PT.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
94 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ro.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
95 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ro.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
96 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ru.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
97 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ru.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
98 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sk.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
99 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sk.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
100 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sl.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
101 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sl.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
102 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sr.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
103 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sr.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
104 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sv.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
105 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sv.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
106 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sw.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
107 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\sw.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
108 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ta.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
109 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\ta.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
110 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\te.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
111 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\te.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
112 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\th.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
113 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\th.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
114 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\tr.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
115 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\tr.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
116 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\uk.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
117 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\uk.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
118 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\vi.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
119 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\vi.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
120 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\zh-CN.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
121 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\zh-CN.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
122 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\zh-TW.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
123 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\locales\zh-TW.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
124 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\msvcp140.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
125 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\msvcp140.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
126 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources.pak.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
127 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources.pak.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
128 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
129 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\electron-panel-window\bin\win32-x64-80\electron-panel-window.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
130 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\electron-panel-window\bin\win32-x64-80\electron-panel-window.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
131 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\electron-panel-window\build\Release\NativeExtension.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
132 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\electron-panel-window\build\Release\NativeExtension.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
133 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
134 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
135 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\macos-notification-state\bin\win32-x64-80\macos-notification-state.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
136 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\macos-notification-state\bin\win32-x64-80\macos-notification-state.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
137 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\macos-notification-state\build\Release\notificationstate.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
138 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\macos-notification-state\build\Release\notificationstate.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
139 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\node-quarantine\bin\win32-x64-80\node-quarantine.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
140 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\node-quarantine\bin\win32-x64-80\node-quarantine.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
141 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\node-quarantine\build\Release\binding.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
142 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\node-quarantine\build\Release\binding.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
143 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\node-shared-mem\bin\win32-x64-80\node-shared-mem.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
144 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\node-shared-mem\bin\win32-x64-80\node-shared-mem.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
145 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\node-shared-mem\build\Release\node_shared_mem.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
146 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\node-shared-mem\build\Release\node_shared_mem.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
147 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\ql-win32\bin\win32-x64-80\ql-win32.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
148 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\ql-win32\bin\win32-x64-80\ql-win32.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
149 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\ql-win32\build\Release\binding.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
150 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\ql-win32\build\Release\binding.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
151 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\bin\win32-x64-80\wavoip.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
152 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\bin\win32-x64-80\wavoip.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
153 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\build\Release\binding.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
154 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\build\Release\binding.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
155 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\build\Release\msvcp140.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
156 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\build\Release\msvcp140.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
157 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\build\Release\vcruntime140.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
158 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\build\Release\vcruntime140.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
159 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\build\Release\vcruntime140_1.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
160 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\wavoip\build\Release\vcruntime140_1.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
161 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-focus-assist\bin\win32-x64-80\windows-focus-assist.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
162 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-focus-assist\bin\win32-x64-80\windows-focus-assist.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
163 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-focus-assist\build\Release\focus-assist.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
164 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-focus-assist\build\Release\focus-assist.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
165 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-notification-state\bin\win32-x64-80\windows-notification-state.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
166 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-notification-state\bin\win32-x64-80\windows-notification-state.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
167 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-notification-state\build\Release\notificationstate.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
168 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-notification-state\build\Release\notificationstate.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
169 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-quiet-hours\bin\win32-x64-80\windows-quiet-hours.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
170 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-quiet-hours\bin\win32-x64-80\windows-quiet-hours.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
171 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-quiet-hours\build\Release\quiethours.node.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
172 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\resources\app.asar.unpacked\node_modules\windows-quiet-hours\build\Release\quiethours.node.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
173 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\snapshot_blob.bin.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
174 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\snapshot_blob.bin.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
175 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\squirrel.exe.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
176 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\squirrel.exe.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
177 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\v8_context_snapshot.bin.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
178 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\v8_context_snapshot.bin.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
179 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\vcruntime140.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
180 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\vcruntime140.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
181 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\vcruntime140_1.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
182 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\vcruntime140_1.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
183 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\vk_swiftshader.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
184 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\vk_swiftshader.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
185 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\vulkan-1.dll.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
186 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\vulkan-1.dll.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
187 C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\WhatsApp.exe
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
        Read by \Device\HarddiskVolume5\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [2788]
                \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
188 C:\Users\pauld\AppData\Local\WhatsApp\WhatsApp.exe.diff
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
189 C:\Users\pauld\AppData\Local\WhatsApp\WhatsApp.exe.shasum
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
190 C:\Users\pauld\AppData\Local\WhatsApp\packages\SquirrelTemp\tempa
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\Update.exe [29380]
1  C:\Users\pauld\AppData\Roaming\WhatsApp\settings.json
     Dropped by \Device\HarddiskVolume5\Users\pauld\AppData\Local\WhatsApp\app-2.2134.10\WhatsApp.exe [24612]

Thumbprints
8d3dcfc0b52b757265195cb9b7347d9dad44727fa83ddf184880e729df380a57

followed by:

Code:

Mitigation   Lockdown
Timestamp    2021-10-02T11:01:21

Platform     10.0.19043/x64 v911 06_8e
PID          8764
Application  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\WhatsApp.exe
Created      2021-10-02T10:38:17
Description  WhatsApp 2.2138.13

Filename     C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\WhatsApp.exe
Created By   C:\Users\pauld\AppData\Local\WhatsApp\Update.exe


Process Trace
1  C:\Users\pauld\AppData\Local\WhatsApp\app-2.2138.13\WhatsApp.exe [8764]
2  C:\Users\pauld\AppData\Local\WhatsApp\WhatsApp.exe [27952]
3  C:\Windows\explorer.exe [3940]

Dropped Files
1  C:\Users\pauld\AppData\Local\Microsoft\Windows\INetCache\IE\Z5D8HOIT\LightRainV3[1].svg
     Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [3940]
2  C:\Users\pauld\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
     Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [3940]
3  C:\Users\pauld\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1920_1080_POS1.jpg
     Dropped by \Device\HarddiskVolume5\Windows\explorer.exe [3940]
        Read by \Device\HarddiskVolume5\Windows\explorer.exe [3940]

Thumbprints
fe34601955e32df5f586a5413e770f2925a311d79f5cda142d1747fe09736433

WhatsApp desktop has been updating and executing up till now, protected with template 'Other'.

OK to suppress this?

 

I'v got the same, Whatsapp seems to have forgotten to code-sign their last update hence the "updater.exe" tries to introduce unsigned code to the machine and for an application under lockdown this works as expected.

I would stay away from this release, the versionnumbered folder also contains way more stuff then the others, and reddit has complains about ffmpeg not found issues on this version.
Just start the version in this folder for now C:\Users\<UserID>\AppData\Local\WhatsApp\app-2.2134.10

 

Thanks Ronny, yes exactly all those issues.
In fact, ffmpeg.dll issue led me to uninstall and reinstall - seems they have also reverted to v2.2134.10.

 

Hallo,

When I try to print I get an error message:

https://www.imgdumper.nl/uploads9/61606e5ca0140/61606e5c9ceb2-Naamloos.png


Windows 11 Pro version 21H2
HitmanPro.Alert Versie 3.8.15 build 911


I have to use the printer and have chosen: Suppress warning.

 

Can you send us the Technische details to support@hitmanpro.com please so we can investigate?
If you select Alert Details you can click in the text and use CTRL+A to select all and then CTRL+C to copy the details.

 

@RonnyT: https://www.wilderssecurity.com/threads/adguard-ad-blocker.342850/page-118#post-3041322

 

@RonnyT:

I had 2 x BSOD with HMPA 907 win 10 version 20H2 19042.1288.

I was in full 3d app when BSODS occurred. 1 hour or so before last BSOD catroot folder suffer a modification also same catroot2. The only difference is catroot2 had 2 cat file inside that suspicious folder.

5 months ago immersive control start crashes, can't fix it with SFC or DISM, about 3 months ago HMPA start to throw ROP errors when try to open powershell. But only one .exe of powershell , the one I pinned to start for convenience some time ago.
this one : C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

I uninstall 907 I'm using 903 now.

HMPA will fail to scan for some time now 1-2 months. Exclusions set in ESET firewall and HIPS.

1. Is there a more stable version than 903?
2. If 907 was maybe still is, beta why I was upgraded to it?
3.Hitman Pro still not scanning when called from HMPA and is a very old issue still not addressed? Why? Sophos servers are to busy for small lab rats like me?
4.I understand on the old win7 cryptographic service get corrupted and than used to get certificated and than files on the victims computer but now on win 10 updated is the same and all under nose of HMPA and ESET? How?
ROP? oh no that's FP prolly cause is some anti cheating code , stack buffer flow attack -neh FP.
also some dropping of files with extension 0. In temp and in Program Data.
5.Same fate have other services on my computer -delivery optimization, Search, WMI.

 

I've got .911 here.

#1915

 

No need for BETA, need a stable version

 

Part of one BSOD


SYMBOL_NAME: hmpalert+14260

MODULE_NAME: hmpalert

IMAGE_NAME: hmpalert.sys

STACK_COMMAND: .cxr 0xfffff30c44d61730 ; kb

BUCKET_ID_FUNC_OFFSET: 14260

FAILURE_BUCKET_ID: 0x3B_c0000005_hmpalert!unknown_function

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

FAILURE_ID_HASH: {125c6b09-6d6a-8f33-6d50-6f3fa8bebefb}

Followup: MachineOwner



I fix myself the problem with HMPA failing to call scan because doesn't download Hitman Pro in Program Files and than scan the computer.

Every time you you install HMPA manually you have than download Hitman Pro manually and than tick YES retain a copy for future scan otherwise HMPA doesn't do it. Why is so hard to fix that?

 

The ROP on power shell report