HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. tempb

    tempb Registered Member

    Joined:
    Mar 31, 2021
    Posts:
    9
    Location:
    Wondering
    937 RC3 fixes all the problems I was seeing. Running for a couple hours now with 0 issues. Looking good, thanks!
     
  2. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    120
    Location:
    Netherlands
    So far so good, no issues encountered during use. Updated from stable.
     
  3. Tume

    Tume Registered Member

    Joined:
    Mar 28, 2022
    Posts:
    2
    Location:
    Finland
    A few logs from Build 939 RC3

    Code:
    Mitigation   RemoteThreadGuard
    Timestamp    2022-03-28T20:21:37
    
    Platform     10.0.19044/x64 v939 8f_01
    PID          2900
    Feature      007D0A30000000A6
    Application  E:\Origin\igoproxy64.exe
    Created      2022-03-28T17:36:04
    Description  igoproxy64.exe
    
    ========================================================
    ==         Current process information                ==
    ========================================================
    ImageBase: 00007FF6868C0000
    SHA-256      7efaf7e77bf348bc9eeebb3bdddbd3403e80b040682c8725a21592b8d6fb6888
    SHA-1        98eb8f1165399d903b97d36d8fe6187cb989d139
    MD5          8b00fab8363d848e4484288d404cc413
    Process has authenticode
    SubjectHash: 37703c58
    ========================================================
    ==              Caller information                    ==
    ========================================================
    Caller: 00007FF87F9E0BC6
    Caller located on Heap: FALSE
    OwnerModule: igo64.dll
    OwnerModule full path: E:\Origin\igo64.dll
    SHA-256      7922ceb6c1b6e8e38628f3fbc41ae618083fff5faa0f22a0ff1937d61a023756
    SHA-1        a78270355f90f95b9c4528a9ff290725db537cf8
    MD5          303fb61f8a8e0f6402d94288f93df7c9
    SubjectHash: 37703c58
    ========================================================
    ==           Remote code information                  ==
    ========================================================
    RemoteProcessName: Z:\Muut Pelit\Battlefield 4\bf4.exe
    RemoteProcessPID: 18868
    Code start: 0000000000180000
    AllocationBase: 0000000000180000
    AllocationProtect: 0x40
    BaseAddress: 0000000000180000
    RegionSize: 0x1000
    State: 0x1000
    Protect: 0x40
    Type: 0x20000
    Owner:  (00)
    remoteMemOwnerProcessId: 2900
    remoteMemOwnerProcessName:
    remoteMemOwnerAddressName: E:\Origin\igo64.dll
    Thread DP: N
    
    Stack Trace
    #  Address          Module                   Location
    -- ---------------- ------------------------ ----------------------------------------
    1  00007FF8CCA0557F KernelBase.dll           CreateRemoteThreadEx +0x29f
    2  00007FF8CD6CAB58 kernel32.dll             CreateRemoteThread +0x38
    
    3  00007FF87F9E0BC6 igo64.dll               
                        4889442478               MOV          [RSP+0x78], RAX
                        48837c247800             CMP          QWORD [RSP+0x78], 0x0
                        753f                     JNZ          0x7ff87f9e0c12
                        ff15bfc70800             CALL         QWORD [RIP+0x8c7bf]
                        89442464                 MOV          [RSP+0x64], EAX
                        e88e7affff               CALL         0x7ff87f9d8670
                        8b4c2464                 MOV          ECX, [RSP+0x64]
                        894c2428                 MOV          [RSP+0x28], ECX
                        488d0ddf210a00           LEA          RCX, [RIP+0xa21df]
                        48894c2420               MOV          [RSP+0x20], RCX
                        4533c9                   XOR          R9D, R9D
                        41b870030000             MOV          R8D, 0x370
                        488d153a1c0a00           LEA          RDX, [RIP+0xa1c3a]
    
    4  00007FF87F9E322D igo64.dll               
    5  00007FF87F9E1035 igo64.dll               
    6  00007FF87F9E0E35 igo64.dll               
    7  00007FF6868C40D2 igoproxy64.exe         
    8  00007FF6868C431A igoproxy64.exe         
    9  00007FF6868C5C33 igoproxy64.exe         
    10 00007FF8CD6A7034 kernel32.dll             BaseThreadInitThunk +0x14
    
    Loaded Modules (27)
    -----------------------------------------------------------------------------
    00007FF6868C0000-00007FF6868D1000 igoproxy64.exe (),
                                      version:
    00007FF8CEFB0000-00007FF8CF1A5000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CD690000-00007FF8CD74E000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CC350000-00007FF8CC46A000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.8.20.939
    00007FF8CC9D0000-00007FF8CCC98000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8C9D90000-00007FF8C9E20000 apphelp.dll (Microsoft Corporation),
                                      version: 10.0.19041.1320 (WinBuild.160101.0800)
    00007FF8CD780000-00007FF8CD920000 USER32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1503 (WinBuild.160101.0800)
    00007FF8CCFE0000-00007FF8CD002000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.19041.1586 (WinBuild.160101.0800)
    00007FF8CD750000-00007FF8CD77B000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1202 (WinBuild.160101.0800)
    00007FF8CCCA0000-00007FF8CCDAB000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CCE40000-00007FF8CCEDD000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.19041.789 (WinBuild.160101.0800)
    00007FF8CCEE0000-00007FF8CCFE0000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.19041.789 (WinBuild.160101.0800)
    00007FF8CD920000-00007FF8CE064000 SHELL32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8A3ED0000-00007FF8A3EEB000 VCRUNTIME140.dll (Microsoft Corporation),
                                      version: 14.31.31103.0
    00007FF8CEE10000-00007FF8CEE40000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FF8CEA00000-00007FF8CEAAD000 shcore.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CEED0000-00007FF8CEF6E000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.19041.546 (WinBuild.160101.0800)
    00007FF8CEAB0000-00007FF8CEE04000 combase.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CE1C0000-00007FF8CE2E5000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.19041.1466 (WinBuild.160101.0800)
    00007FF87F990000-00007FF87FC05000 igo64.dll (Electronic Arts),
                                      version: 10,5,111,50299
    00007FF8CD560000-00007FF8CD68A000 ole32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1202 (WinBuild.160101.0800)
    00007FF8CE950000-00007FF8CE9FE000 ADVAPI32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1466 (WinBuild.160101.0800)
    00007FF8CD310000-00007FF8CD3AC000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.19041.1586 (WinBuild.160101.0800)
    00007FF892390000-00007FF89241E000 MSVCP140.dll (Microsoft Corporation),
                                      version: 14.31.31103.0
    00007FF8BFCE0000-00007FF8BFD07000 WINMM.dll (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FF8BA0B0000-00007FF8BA0BC000 VCRUNTIME140_1.dll (Microsoft Corporation),
                                      version: 14.31.31103.0
    00007FF8CB3D0000-00007FF8CB403000 ntmarta.dll (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    
    Process Trace
    1  E:\Origin\igoproxy64.exe [2900]
       E:\Origin\igoproxy64.exe 18868 6096
    2  Z:\Muut Pelit\Battlefield 4\BF4WebHelper.exe [712]
    3  Z:\Muut Pelit\Battlefield 4\BFLauncher.exe [6744]
       "Z:\Muut Pelit\Battlefield 4\BFLauncher.exe"   
    4  E:\Origin\Origin.exe [15452]
       "E:\Origin\Origin.exe" /noUpdate /Autostart:false
    
    Dropped Files
    1  C:\Users\Tuomas\AppData\Local\Origin\Logs\IGO_Log.igoproxy64_2900.txt
         Dropped by \Device\HarddiskVolume6\Origin\igoproxy64.exe [2900]
    1  C:\Users\Tuomas\AppData\Local\Origin\Logs\IGO_Log.BF4WebHelper_712.txt
         Dropped by \Device\HarddiskVolume10\Muut Pelit\Battlefield 4\BF4WebHelper.exe [712]
    1  C:\Users\Tuomas\AppData\Local\Origin\Logs\IGO_Log.BFLauncher_6744.txt
         Dropped by \Device\HarddiskVolume10\Muut Pelit\Battlefield 4\BFLauncher.exe [6744]
    1  C:\Users\Tuomas\AppData\Roaming\Origin\local_54d649a70f8f5e17b8a074eaab866109.xml.lock
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    2  C:\Users\Tuomas\AppData\Roaming\Origin\local_54d649a70f8f5e17b8a074eaab866109.xml.s15452
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    3  C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\bdbd3eba26bbf80a56288dc093257349.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    4  C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\9baf2d2a48645ea5c037b0a4fdac67cb.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    5  C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\30d2ee99a16ea818f2e5a3bf553df734.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    6  C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\7ba67cab41b9d29aba45ee3d60c70a47.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    7  C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\6ca8e928d1268515d69226abacf1166c.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    8  C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\cdbd2b0f13927f2163cf328935b46495.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    9  C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\17dcd92a1573c6c606cea840eb6bf23c.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    10 C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\67a69d9ef2051cb5720b2b8390b89a7b.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    11 C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\bd8f4121a8bea7be896c92b849fc340c.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    12 C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\57e3656c24f489da2db4dbc8c1c8dab1.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    13 C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\f88ef375d9101a79160cb1aa3df8eed8.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    14 C:\Users\Tuomas\AppData\Local\Origin\AvatarsCache\3e956295e70275ccf57aaf367e05502f.jpg
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    15 C:\Users\Tuomas\AppData\Local\Origin\Web Cache\prepared\p15452.d
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    16 C:\Users\Tuomas\AppData\Local\Temp\Origin.p15452
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    17 C:\Users\Tuomas\AppData\Local\Temp\Origin.H15452
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    18 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\temp-index
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    19 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFb755f5.TMP
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    20 C:\Users\Tuomas\AppData\Roaming\Origin\local_54d649a70f8f5e17b8a074eaab866109.xml.W15452
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    21 C:\Users\Tuomas\AppData\Local\Temp\etilqs_6XziWJjh6rd6CrX
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    22 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\e3734c06-cf05-480f-87e4-bdb681898b6b\index
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    23 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\e3734c06-cf05-480f-87e4-bdb681898b6b\index-dir\temp-index
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    24 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\e3734c06-cf05-480f-87e4-bdb681898b6b\9df6045eb6fc1474_0
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    25 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\e3734c06-cf05-480f-87e4-bdb681898b6b\f7f0dacd3cfad742_0
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    26 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\e3734c06-cf05-480f-87e4-bdb681898b6b\a31ff2b03e16b07b_0
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    27 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\e3734c06-cf05-480f-87e4-bdb681898b6b\6356bfa06817ba49_0
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    28 C:\Users\Tuomas\AppData\Local\Origin\Origin\cache\QtWebEngine\Default\Cache\f_0000e5
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    29 C:\Users\Tuomas\AppData\Roaming\Origin\local_54d649a70f8f5e17b8a074eaab866109.xml.g15452
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    30 C:\Users\Tuomas\AppData\Local\Origin\Origin\cache\QtWebEngine\Default\Cache\f_0000e6
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    31 C:\Users\Tuomas\AppData\Local\Origin\Origin\cache\QtWebEngine\Default\Cache\f_0000e7
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    32 C:\Users\Tuomas\AppData\Local\Origin\Origin\cache\QtWebEngine\Default\Cache\f_0000e8
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    33 C:\Users\Tuomas\AppData\Local\Origin\Origin\cache\QtWebEngine\Default\Cache\f_0000e9
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    34 C:\Users\Tuomas\AppData\Local\Origin\Origin\cache\QtWebEngine\Default\Cache\f_0000ea
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    35 C:\Users\Tuomas\AppData\Local\Origin\Origin\cache\QtWebEngine\Default\Cache\f_0000eb
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    36 C:\Users\Tuomas\AppData\Local\Origin\Origin\cache\QtWebEngine\Default\Cache\f_0000ec
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    37 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\e3734c06-cf05-480f-87e4-bdb681898b6b\4dab245d6b8adb17_0
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    38 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\0a10de17-e333-45f7-b7d1-5e2bb66b1559\index-dir\temp-index
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    39 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\0a10de17-e333-45f7-b7d1-5e2bb66b1559\index-dir\the-real-index~RFc186e8.TMP
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    40 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\CacheStorage\c588a44589f587eae21a269f7faf460318ef682f\e3734c06-cf05-480f-87e4-bdb681898b6b\index-dir\the-real-index~RFc197ef.TMP
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    41 C:\Users\Tuomas\AppData\Local\Origin\Origin\QtWebEngine\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFc1abf4.TMP
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    42 C:\Users\Tuomas\AppData\Local\Origin\Web Cache\prepared\D15452.d
         Dropped by \Device\HarddiskVolume6\Origin\Origin.exe [15452]
    
    Thumbprints
    N/A
    

    Code:
    Mitigation   Lockdown
    Timestamp    2022-03-28T17:01:24
    
    Platform     10.0.19044/x64 v939 8f_01
    PID          15576
    Feature      007D0A34000020B6
    Application  C:\Windows\System32\cmd.exe
    Created      2022-01-26T23:17:08
    Description  Windows Command Processor 10
    
    Filename     C:\Windows\system32\wbem\WMIC.exe
    
    Command line:
    C:\Windows\system32\wbem\wmic.exe  /namespace:\\root\wmi path MS_SystemInformation get /value
    
    Loaded Modules (24)
    -----------------------------------------------------------------------------
    00007FF76B810000-00007FF76B877000 cmd.exe (Microsoft Corporation),
                                      version: 10.0.19041.746 (WinBuild.160101.0800)
    00007FF8CEFB0000-00007FF8CF1A5000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CD690000-00007FF8CD74E000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CC350000-00007FF8CC46A000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.8.20.939
    00007FF8CC9D0000-00007FF8CCC98000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CEED0000-00007FF8CEF6E000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.19041.546 (WinBuild.160101.0800)
    00007FF8CEAB0000-00007FF8CEE04000 combase.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CCEE0000-00007FF8CCFE0000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.19041.789 (WinBuild.160101.0800)
    00007FF8CE1C0000-00007FF8CE2E5000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.19041.1466 (WinBuild.160101.0800)
    00007FF8CC5D0000-00007FF8CC5FE000 USERENV.dll (Microsoft Corporation),
                                      version: 10.0.19041.572 (WinBuild.160101.0800)
    00007FF8CC610000-00007FF8CC62F000 profapi.dll (Microsoft Corporation),
                                      version: 10.0.19041.844 (WinBuild.160101.0800)
    00007FF8CE950000-00007FF8CE9FE000 ADVAPI32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1466 (WinBuild.160101.0800)
    00007FF8CD310000-00007FF8CD3AC000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.19041.1586 (WinBuild.160101.0800)
    00007FF8CD780000-00007FF8CD920000 USER32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1503 (WinBuild.160101.0800)
    00007FF8CCFE0000-00007FF8CD002000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.19041.1586 (WinBuild.160101.0800)
    00007FF8CD750000-00007FF8CD77B000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1202 (WinBuild.160101.0800)
    00007FF8CCCA0000-00007FF8CCDAB000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CCE40000-00007FF8CCEDD000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.19041.789 (WinBuild.160101.0800)
    00007FF8CEE10000-00007FF8CEE40000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.19041.546 (WinBuild.160101.0800)
    00007FF8CD920000-00007FF8CE064000 SHELL32.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CA6E0000-00007FF8CAE74000 windows.storage.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CC010000-00007FF8CC03C000 Wldp.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CEA00000-00007FF8CEAAD000 SHCORE.dll (Microsoft Corporation),
                                      version: 10.0.19041.1566 (WinBuild.160101.0800)
    00007FF8CD170000-00007FF8CD1C5000 shlwapi.dll (Microsoft Corporation),
                                      version: 10.0.19041.1023 (WinBuild.160101.0800)
    
    Process Trace
    1  C:\Windows\System32\cmd.exe [15576]
       C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\wbem\wmic.exe /namespace:\\root\wmi path MS_SystemInformation get /value"
    2  C:\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    3  C:\Users\Tuomas\AppData\Local\WhatsApp\WhatsApp.exe [2568]
    4  C:\Windows\explorer.exe [6920]
    
    Dropped Files
    1  C:\Users\Tuomas\AppData\Local\Temp\ad17907c-a799-40d4-b268-c42eee06197f.tmp
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    2  C:\USERS\TUOMAS\APPDATA\ROAMING\WHATSAPP\SETTINGS.JSON
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    3  C:\Users\Tuomas\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG.old~RFfe2f4.TMP
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    4  C:\Users\Tuomas\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    5  C:\Users\Tuomas\AppData\Roaming\WhatsApp\Session Storage\LOG.old~RFfe304.TMP
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    6  C:\Users\Tuomas\AppData\Roaming\WhatsApp\Session Storage\LOG
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    7  C:\Users\Tuomas\AppData\Roaming\WhatsApp\File System\Origins\LOG.old~RFfe517.TMP
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    8  C:\Users\Tuomas\AppData\Roaming\WhatsApp\File System\Origins\LOG
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    9  C:\Users\Tuomas\AppData\Roaming\WhatsApp\main-process.log
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    10 C:\Users\Tuomas\AppData\Local\Temp\2fd7dcf7-66b6-4b8a-8738-7d11e50a60fd.tmp
         Dropped by \Device\HarddiskVolume3\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
    
    Thumbprints
    60dee3b11f85fad463b6963502312bdca19f821405ac12f6495f472c9f8bc67a
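
The alerts above share one text layout. As an added example (not code from this thread, HitmanPro or SurfRight), here is a small Python parser plus triage helper that pulls out what a reviewer checks first: the mitigation, the caller module and whether it shares an Authenticode subject with its host, the API frame that tripped the guard, and for a Lockdown alert the parent chain and the blocked child. The sample texts are trimmed, constructed copies of two alerts posted here; the LOLBINS set and the flag wording are my own assumptions, not HMPA's.

```python
import ntpath
import re

# Constructed samples: trimmed copies of two alerts posted in this thread (same layout, long lists cut).
ALERT_REMOTE_THREAD = r"""Mitigation   RemoteThreadGuard
Application  E:\Origin\igoproxy64.exe
========================================================
==         Current process information                ==
========================================================
SubjectHash: 37703c58
==              Caller information                    ==
Caller located on Heap: FALSE
OwnerModule: igo64.dll
SubjectHash: 37703c58
==           Remote code information                  ==
RemoteProcessName: Z:\Muut Pelit\Battlefield 4\bf4.exe
Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00007FF8CCA0557F KernelBase.dll           CreateRemoteThreadEx +0x29f
3  00007FF87F9E0BC6 igo64.dll
                    4889442478               MOV          [RSP+0x78], RAX
10 00007FF8CD6A7034 kernel32.dll             BaseThreadInitThunk +0x14
"""
ALERT_LOCKDOWN = r"""Mitigation   Lockdown
Application  C:\Windows\System32\cmd.exe
Filename     C:\Windows\system32\wbem\WMIC.exe
Command line:
C:\Windows\system32\wbem\wmic.exe  /namespace:\\root\wmi path MS_SystemInformation get /value
Loaded Modules (24)
00007FF76B810000-00007FF76B877000 cmd.exe (Microsoft Corporation),
Process Trace
1  C:\Windows\System32\cmd.exe [15576]
   C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\wbem\wmic.exe /namespace:\\root\wmi path MS_SystemInformation get /value"
2  C:\Users\Tuomas\AppData\Local\WhatsApp\app-2.2208.15\WhatsApp.exe [6868]
4  C:\Windows\explorer.exe [6920]
"""

STACK_RE = re.compile(r"^(\d+)\s+([0-9A-Fa-f]{16})\s+(\S+)\s*(.*)$")  # "1  ADDR module [symbol]"
PROC_RE = re.compile(r"^(\d+)\s+(.+?) \[(\d+)\]$")                     # "1  path [pid]"
KV_RE = re.compile(r"^(\S+)\s{2,}(.*)$")                               # "Mitigation   Lockdown"
COLON_RE = re.compile(r"^([A-Za-z][\w ]*?):\s*(.*)$")                  # "OwnerModule: igo64.dll"
SKIP = ("Loaded Modules", "Dropped Files", "Thumbprints")              # bulk lists, not needed here
LOLBINS = {"wmic.exe", "cscript.exe", "wscript.exe", "powershell.exe", "mshta.exe", "rundll32.exe"}

def parse_alert(text):
    """Split one HMPA alert into header fields, '==' banner sections, stack frames and process trace."""
    alert = {"fields": {}, "sections": {}, "stack": [], "procs": []}
    section, mode, pending = None, "header", None
    for s in map(str.strip, text.splitlines()):
        if not s or s.startswith(("--", "#")):
            continue
        if s.startswith("=="):                        # banner; the pure '====' rules carry no name
            if s.strip("= "):
                alert["sections"].setdefault((section := s.strip("= ")), {})
        elif s in ("Stack Trace", "Process Trace") or s.startswith(SKIP):
            mode = s
        elif mode == "Stack Trace":
            if m := STACK_RE.match(s):                # disassembly lines carry no index and are skipped
                alert["stack"].append((int(m[1]), m[2], m[3], m[4]))
        elif mode == "Process Trace":
            if m := PROC_RE.match(s):
                alert["procs"].append([m[2], int(m[3]), None])
            elif alert["procs"]:                      # indented follow-up line is that process's command line
                alert["procs"][-1][2] = s
        elif mode == "header":
            if pending:                               # value of "Command line:" sits on the next line
                alert["fields"][pending], pending = s, None
            elif s.endswith(":") and " " in s:
                pending = s[:-1]
            elif section and (m := COLON_RE.match(s)):
                alert["sections"][section][m[1]] = m[2]
            elif m := KV_RE.match(s):
                alert["fields"][m[1]] = m[2]
    return alert

def triage(alert):
    """Reduce a parsed alert to what a reviewer checks first: who did what to whom, plus hints."""
    f, sec, procs = alert["fields"], alert["sections"], alert["procs"]
    out = {"mitigation": f.get("Mitigation"), "chain": [], "api": None, "flags": []}
    if out["mitigation"] == "RemoteThreadGuard":
        host, caller = sec.get("Current process information", {}), sec.get("Caller information", {})
        target = sec.get("Remote code information", {}).get("RemoteProcessName", "")
        out["chain"] = [ntpath.basename(f.get("Application", "")), caller.get("OwnerModule", "?"),
                        ntpath.basename(target)]
        out["api"] = next((loc.split()[0] for *_, loc in alert["stack"] if loc), None)  # first symbolised frame
        if host.get("SubjectHash") and host.get("SubjectHash") == caller.get("SubjectHash"):
            out["flags"].append("caller module signed by the same subject as its host process")
        if caller.get("Caller located on Heap", "").upper() == "TRUE":
            out["flags"].append("caller is unbacked heap code")
    elif out["mitigation"] == "Lockdown":
        child = ntpath.basename(f.get("Filename", ""))
        out["chain"] = [ntpath.basename(p) for p, _, _ in reversed(procs)] + [child]
        if child.lower() in LOLBINS:
            out["flags"].append(child + " is a commonly abused built-in utility")
        if len(procs) > 1 and "\\appdata\\" in procs[1][0].lower():
            out["flags"].append("parent runs from a user profile: " + ntpath.basename(procs[1][0]))
    return out
```

Run `triage(parse_alert(text))` on a full alert pasted from the HMPA dialog; the bulk module and dropped-file lists are skipped, so the output stays a few lines long.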
    
     
  4. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Thanks! I will choose HitmanPro.Alert.
     
  5. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    I'm currently running HMPA RC build 939 on a machine that's infected, and was wondering if anyone from the HMPA team can help me figure out the infection source. HMPA does detect malware activity, so I can provide logs. I don't have a license for HMPA, so I don't know if I can contact official support to get some insight.
    I can disinfect the machine, but the infection keeps popping back up from time to time, so I'm basically running a honeypot now... Thanks in advance.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Wow, very cool that you guys keep coming up with new stuff, I mean security wise. I hope you guys can figure out how to keep false positives at a minimum. :thumb:
     
  7. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Auto-updated and rebooted from build 937 RC2 into build 939 RC3 a few days ago and I have not experienced any issues.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    No issues here either with RC3, but I didn't have any issues with RC1 to begin with anyway.
     
  9. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
    Hello,
    I've got one question.
    In the exploit settings of each browser there is an option which is deactivated by default: SendKey (Prevents sending key events).
    What does this option do and should I activate it?

    Thanks. (Attachment: Screenshot 2022-04-07 131122.png)
     
    Last edited: Apr 7, 2022
  10. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    Hi,

    Please send the alert details and other info that is useful to support@hitmanpro.com and we'll take it from there.
     
  11. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    It should only be activated on Office applications; there is a programmatic way in macros that can be abused, called "SendKeys", and this blocks those attempts.
     
    Last edited: Apr 8, 2022
  12. scip

    scip Registered Member

    Joined:
    Feb 13, 2020
    Posts:
    41
    Location:
    internet
    @RonnyT
    thx a lot for the explanation :)
     
  13. anonskii

    anonskii Registered Member

    Joined:
    Dec 16, 2016
    Posts:
    20
    Location:
    UK
  14. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    198
  15. anonskii

    anonskii Registered Member

    Joined:
    Dec 16, 2016
    Posts:
    20
    Location:
    UK
    Thanks; at first I would enable it and then it disabled itself. I just checked now and it detects my keyboard.
     
  16. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    198
    :thumb:
     
  17. Kaedehara Kazuha

    Kaedehara Kazuha Registered Member

    Joined:
    Apr 25, 2022
    Posts:
    5
    Location:
    Cyberspace
    I got these when I double-click an .epub file to open it with Koodo Reader:

    Code:
    Mitigation Lockdown
    Timestamp 2022-04-25T14:59:12

    Platform 10.0.22000/x64 v939 06_8e%
    PID 2464
    Feature 007D4B361F9F01B2
    Application D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe
    Created 2022-03-18T14:40:47
    Description Koodo Reader 1.3.9

    Filename C:\WINDOWS\system32\cscript.exe

    Command line:
    cscript C:\Users\JXY\AppData\Local\Temp\node-font-list-fonts.vbs

    Loaded Modules (51)
    -----------------------------------------------------------------------------
    00007FF620170000-00007FF628815000 Koodo Reader.exe (App by Troye),
    version: 1.3.9.780
    00007FFD05640000-00007FFD05849000 ntdll.dll (Microsoft Corporation),
    version: 10.0.22000.527 (WinBuild.160101.0800)
    00007FFD022F0000-00007FFD0240A000 hmpalert.dll (SurfRight B.V.),
    version: 3.8.20.939
    00007FFD03C00000-00007FFD03CBD000 KERNEL32.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD02DA0000-00007FFD03114000 KERNELBASE.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD03B20000-00007FFD03BF6000 OLEAUT32.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD03380000-00007FFD0341D000 msvcp_win.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD02B30000-00007FFD02C41000 ucrtbase.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD04520000-00007FFD04898000 combase.dll (Microsoft Corporation),
    version: 10.0.22000.527 (WinBuild.160101.0800)
    00007FFD034E0000-00007FFD03600000 RPCRT4.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD054A0000-00007FFD0550F000 WS2_32.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD03120000-00007FFD03282000 CRYPT32.dll (Microsoft Corporation),
    version: 10.0.22000.348 (WinBuild.160101.0800)
    00007FFC887B0000-00007FFC88BA4000 ffmpeg.dll (),
    version:
    00007FFCC93E0000-00007FFCC981E000 UIAutomationCore.DLL (Microsoft Corporation),
    version: 7.2.22000.1 (WinBuild.160101.0800)
    00007FFD00560000-00007FFD00781000 dbghelp.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFCD5600000-00007FFCD5607000 MSIMG32.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD04B90000-00007FFD04BB9000 GDI32.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD02C50000-00007FFD02C76000 win32u.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD02C80000-00007FFD02D92000 gdi32full.dll (Microsoft Corporation),
    version: 10.0.22000.527 (WinBuild.160101.0800)
    00007FFD050E0000-00007FFD0528C000 USER32.dll (Microsoft Corporation),
    version: 10.0.22000.282 (WinBuild.160101.0800)
    00007FFCFBC00000-00007FFCFBC33000 WINMM.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD04BC0000-00007FFD04C63000 msvcrt.dll (Microsoft Corporation),
    version: 7.0.22000.1 (WinBuild.160101.0800)
    00007FFD01600000-00007FFD0162D000 IPHLPAPI.DLL (Microsoft Corporation),
    version: 10.0.22000.282 (WinBuild.160101.0800)
    00007FFCFBB30000-00007FFCFBB3A000 VERSION.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD01F90000-00007FFD01FB9000 USERENV.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFCE9A10000-00007FFCE9C6F000 DWrite.dll (Microsoft Corporation),
    version: 10.0.22000.258 (WinBuild.160101.0800)
    00007FFCD6E60000-00007FFCD6EFB000 WINSPOOL.DRV (Microsoft Corporation),
    version: 10.0.22000.348 (WinBuild.160101.0800)
    00007FFCF0E40000-00007FFCF0E4C000 Secur32.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFCFB4C0000-00007FFCFB5CC000 WINHTTP.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD052F0000-00007FFD0538E000 sechost.dll (Microsoft Corporation),
    version: 10.0.22000.556 (WinBuild.160101.0800)
    00007FFCFC3C0000-00007FFCFC3DE000 dhcpcsvc.DLL (Microsoft Corporation),
    version: 10.0.22000.71 (WinBuild.160101.0800)
    00007FFD01CF0000-00007FFD01D32000 SSPICLI.DLL (Microsoft Corporation),
    version: 10.0.22000.556 (WinBuild.160101.0800)
    00007FFD05460000-00007FFD05491000 IMM32.DLL (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD03300000-00007FFD0337F000 bcryptPrimitives.dll (Microsoft Corporation),
    version: 10.0.22000.376 (WinBuild.160101.0800)
    00007FFD053B0000-00007FFD0545E000 ADVAPI32.dll (Microsoft Corporation),
    version: 10.0.22000.434 (WinBuild.160101.0800)
    00007FFD02210000-00007FFD0221C000 CRYPTBASE.DLL (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD02260000-00007FFD022AD000 powrprof.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD02230000-00007FFD02243000 UMPDC.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFCFFD50000-00007FFCFFDFC000 uxtheme.dll (Microsoft Corporation),
    version: 10.0.22000.120 (WinBuild.160101.0800)
    00007FFD01EF0000-00007FFD01F57000 mswsock.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD03CC0000-00007FFD0446F000 SHELL32.dll (Microsoft Corporation),
    version: 10.0.22000.593 (WinBuild.160101.0800)
    00007FFD05510000-00007FFD055FA000 shcore.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD01AD0000-00007FFD01AE8000 kernel.appcore.dll (Microsoft Corporation),
    version: 10.0.22000.71 (WinBuild.160101.0800)
    00007FFD03A20000-00007FFD03A29000 NSI.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFCFC160000-00007FFCFC179000 dhcpcsvc6.DLL (Microsoft Corporation),
    version: 10.0.22000.71 (WinBuild.160101.0800)
    00007FFD01670000-00007FFD01758000 DNSAPI.dll (Microsoft Corporation),
    version: 10.0.22000.593 (WinBuild.160101.0800)
    00007FFCFFFC0000-00007FFCFFFF4000 ntmarta.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD02A60000-00007FFD02A81000 profapi.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD00B40000-00007FFD013A8000 windows.storage.dll (Microsoft Corporation),
    version: 10.0.22000.593 (WinBuild.160101.0800)
    00007FFD009D0000-00007FFD00B36000 wintypes.dll (Microsoft Corporation),
    version: 10.0.22000.527 (WinBuild.160101.0800)
    00007FFD05290000-00007FFD052ED000 shlwapi.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)

    Process Trace
    1 D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [2464]
    "D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe" --type=renderer --user-data-dir="C:\Users\JXY\AppData\Roaming\koodo-reader" --app-path="D:\Users\JXY\AppData\Local\Programs\Koodo Reader\resources\app.asar" --no-sandbox --no-zygote --fiel
    2 D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    "D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe" "E:\book\novel\test1.epub"
    3 C:\Windows\explorer.exe [9252]

    Dropped Files
    1 C:\Users\JXY\AppData\Local\Temp\node-font-list-fonts.vbs
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [2464]
    1 C:\Users\JXY\AppData\Roaming\koodo-reader\Local Storage\leveldb\LOG.old~RF245043.TMP
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    2 C:\Users\JXY\AppData\Roaming\koodo-reader\Local Storage\leveldb\LOG
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    3 C:\Users\JXY\AppData\Local\Temp\fb556d02-3d20-4fce-98f5-e3ff9c049ea8.tmp
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    4 C:\Users\JXY\AppData\Roaming\koodo-reader\IndexedDB\file__0.indexeddb.leveldb\LOG.old~RF24568d.TMP
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    5 C:\Users\JXY\AppData\Roaming\koodo-reader\IndexedDB\file__0.indexeddb.leveldb\LOG
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    1 C:\Users\JXY\AppData\Local\Microsoft\Windows\INetCache\IE\3B0S0GKS\LightRainV3[1].png
    Dropped by \Device\HarddiskVolume9\Windows\explorer.exe [9252]
    2 C:\Users\JXY\AppData\Roaming\Microsoft\Windows\Recent\test.epub.lnk
    Dropped by \Device\HarddiskVolume9\Windows\explorer.exe [9252]
    3 C:\Users\JXY\AppData\Roaming\Microsoft\Windows\Recent\novel.lnk
    Dropped by \Device\HarddiskVolume9\Windows\explorer.exe [9252]
    4 C:\Users\JXY\AppData\Roaming\Microsoft\Windows\Recent\test1.epub.lnk
    Dropped by \Device\HarddiskVolume9\Windows\explorer.exe [9252]

    Thumbprints
    05ee4c6ff9b3482738f0f25918f27669ba4ff458f2d8712121f10fe64b87f8e7

    Mitigation Lockdown
    Timestamp 2022-04-25T14:59:12

    Platform 10.0.22000/x64 v939 06_8e%
    PID 17260
    Feature 007D0A36000001B6
    Application C:\Windows\System32\cmd.exe
    Created 2021-11-07T05:30:37
    Description Windows Command Processor 10

    Filename C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe

    Command line:
    powershell -command "chcp 65001;Add-Type -AssemblyName PresentationCore;$families=[Windows.Media.Fonts]::SystemFontFamilies;foreach($family in $families){$name='';if(!$family.FamilyNames.TryGetValue([Windows.Markup.XmlLanguage]::GetLanguage('zh-cn'),[ref]$name)){$name=$family.FamilyNames[[Windows.Markup.XmlLanguage]::GetLanguage('en-us')]}echo $name}"

    Loaded Modules (25)
    -----------------------------------------------------------------------------
    00007FF65C0B0000-00007FF65C11C000 cmd.exe (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD05640000-00007FFD05849000 ntdll.dll (Microsoft Corporation),
    version: 10.0.22000.527 (WinBuild.160101.0800)
    00007FFD03C00000-00007FFD03CBD000 KERNEL32.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD022F0000-00007FFD0240A000 hmpalert.dll (SurfRight B.V.),
    version: 3.8.20.939
    00007FFD02DA0000-00007FFD03114000 KERNELBASE.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD04BC0000-00007FFD04C63000 msvcrt.dll (Microsoft Corporation),
    version: 7.0.22000.1 (WinBuild.160101.0800)
    00007FFD04520000-00007FFD04898000 combase.dll (Microsoft Corporation),
    version: 10.0.22000.527 (WinBuild.160101.0800)
    00007FFD02B30000-00007FFD02C41000 ucrtbase.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD034E0000-00007FFD03600000 RPCRT4.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFCC9DA0000-00007FFCC9E2E000 ebehmoni.dll (ESET),
    version: 1.0.45.0
    00007FFD01F90000-00007FFD01FB9000 USERENV.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD02A60000-00007FFD02A81000 profapi.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD053B0000-00007FFD0545E000 ADVAPI32.dll (Microsoft Corporation),
    version: 10.0.22000.434 (WinBuild.160101.0800)
    00007FFD052F0000-00007FFD0538E000 sechost.dll (Microsoft Corporation),
    version: 10.0.22000.556 (WinBuild.160101.0800)
    00007FFD050E0000-00007FFD0528C000 USER32.dll (Microsoft Corporation),
    version: 10.0.22000.282 (WinBuild.160101.0800)
    00007FFD02C50000-00007FFD02C76000 win32u.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD04B90000-00007FFD04BB9000 GDI32.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD02C80000-00007FFD02D92000 gdi32full.dll (Microsoft Corporation),
    version: 10.0.22000.527 (WinBuild.160101.0800)
    00007FFD03380000-00007FFD0341D000 msvcp_win.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    00007FFD05460000-00007FFD05491000 IMM32.DLL (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)
    000002A533600000-000002A533DAF000 SHELL32.dll (Microsoft Corporation),
    version: 10.0.22000.593 (WinBuild.160101.0800)
    00007FFD00B40000-00007FFD013A8000 windows.storage.dll (Microsoft Corporation),
    version: 10.0.22000.593 (WinBuild.160101.0800)
    00007FFD009D0000-00007FFD00B36000 wintypes.dll (Microsoft Corporation),
    version: 10.0.22000.527 (WinBuild.160101.0800)
    00007FFD05510000-00007FFD055FA000 SHCORE.dll (Microsoft Corporation),
    version: 10.0.22000.613 (WinBuild.160101.0800)
    00007FFD05290000-00007FFD052ED000 shlwapi.dll (Microsoft Corporation),
    version: 10.0.22000.1 (WinBuild.160101.0800)

    Process Trace
    1 C:\Windows\System32\cmd.exe [17260]
    C:\WINDOWS\system32\cmd.exe /d /s /c "powershell -command "chcp 65001;Add-Type -AssemblyName PresentationCore;$families=[Windows.Media.Fonts]::SystemFontFamilies;foreach($family in $families){$name='';if(!$family.FamilyNames.TryGetValue([Windows.Markup.Xml
    2 D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [2464]
    "D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe" --type=renderer --user-data-dir="C:\Users\JXY\AppData\Roaming\koodo-reader" --app-path="D:\Users\JXY\AppData\Local\Programs\Koodo Reader\resources\app.asar" --no-sandbox --no-zygote --fiel
    3 D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    "D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe" "E:\book\novel\test1.epub"
    4 C:\Windows\explorer.exe [9252]

    Dropped Files
    1 C:\Users\JXY\AppData\Roaming\koodo-reader\Local Storage\leveldb\LOG.old~RF245043.TMP
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    2 C:\Users\JXY\AppData\Roaming\koodo-reader\Local Storage\leveldb\LOG
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    3 C:\Users\JXY\AppData\Local\Temp\fb556d02-3d20-4fce-98f5-e3ff9c049ea8.tmp
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    4 C:\Users\JXY\AppData\Roaming\koodo-reader\IndexedDB\file__0.indexeddb.leveldb\LOG.old~RF24568d.TMP
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    5 C:\Users\JXY\AppData\Roaming\koodo-reader\IndexedDB\file__0.indexeddb.leveldb\LOG
    Dropped by \Device\HarddiskVolume2\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
    1 C:\Users\JXY\AppData\Local\Microsoft\Windows\INetCache\IE\3B0S0GKS\LightRainV3[1].png
    Dropped by \Device\HarddiskVolume9\Windows\explorer.exe [9252]
    2 C:\Users\JXY\AppData\Roaming\Microsoft\Windows\Recent\test.epub.lnk
    Dropped by \Device\HarddiskVolume9\Windows\explorer.exe [9252]
    3 C:\Users\JXY\AppData\Roaming\Microsoft\Windows\Recent\novel.lnk
    Dropped by \Device\HarddiskVolume9\Windows\explorer.exe [9252]
    4 C:\Users\JXY\AppData\Roaming\Microsoft\Windows\Recent\test1.epub.lnk
    Dropped by \Device\HarddiskVolume9\Windows\explorer.exe [9252]

    Thumbprints
    c76397598889dfd9c052a3cf995bb2645e873f667b0799a57be6d7515eed0863

    And I'm a little curious why an Electron app like this gets the Office category instead of the browser category.
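
The Lockdown trace above reads bottom-up: explorer.exe [9252] started Koodo Reader.exe [6040], its renderer child [2464] (note the --no-sandbox flag on that command line) spawned cmd.exe [17260], and cmd.exe ran the PowerShell one-liner that enumerates the system font families via PresentationCore. The script below is an added example, not HitmanPro.Alert's code and not Koodo Reader's: it parses the "Process Trace" block of such a report, walks the parent chain and flags an application process that launched a command interpreter, including the interpreter nested inside the child's command line. The interpreter list and the flagging rule are my own assumptions (HMPA's real Lockdown logic and its application categories are not known from this thread), and the sample report is a constructed, shortened excerpt of the trace posted above.

```python
"""Added example (not HitmanPro.Alert's or Koodo Reader's code): parse the
'Process Trace' block of an HMPA alert and flag an application that has
spawned a command interpreter, as the Lockdown alert above shows.
The interpreter list and the rule are my own assumptions; the sample
report is a constructed, shortened excerpt of the trace posted above."""
import re
from dataclasses import dataclass

# "<index> <image path> [<pid>]" lines start each entry in the trace.
ENTRY_RE = re.compile(r"^(\d+) (.+?) \[(\d+)\]$")

# Assumption: interpreters worth flagging when a document/application
# process (here an Electron renderer) launches them.
INTERPRETERS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}
INTERPRETER_STEMS = {n[:-4] for n in INTERPRETERS}   # names used without .exe

# Constructed sample: the Lockdown trace from the report above, with the
# long PowerShell one-liner shortened.
SAMPLE_TRACE = r"""Mitigation Lockdown
Application C:\Windows\System32\cmd.exe

Process Trace
1 C:\Windows\System32\cmd.exe [17260]
C:\WINDOWS\system32\cmd.exe /d /s /c "powershell -command "chcp 65001;Add-Type -AssemblyName PresentationCore;echo $name""
2 D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [2464]
"D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe" --type=renderer --no-sandbox --no-zygote
3 D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe [6040]
"D:\Users\JXY\AppData\Local\Programs\Koodo Reader\Koodo Reader.exe" "E:\book\novel\test1.epub"
4 C:\Windows\explorer.exe [9252]

Dropped Files
1 C:\Users\JXY\AppData\Local\Temp\node-font-list-fonts.vbs
"""


@dataclass
class Proc:
    index: int
    path: str
    pid: int
    cmdline: str = ""

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_process_trace(text: str) -> list[Proc]:
    """Entries in report order: [0] is the process the alert fired on and
    every later entry is the parent of the one before it."""
    procs: list[Proc] = []
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Process Trace":
            in_block = True
            continue
        if not in_block:
            continue
        if not line or line in ("Dropped Files", "Thumbprints"):
            break                       # end of the trace block
        m = ENTRY_RE.match(line)
        if m:
            procs.append(Proc(int(m.group(1)), m.group(2), int(m.group(3))))
        elif procs and not procs[-1].cmdline:
            procs[-1].cmdline = line    # the line after an entry is its command line
    return procs


def interpreters_in_cmdline(cmdline: str) -> set[str]:
    """Interpreter names referenced anywhere in a command line, so that
    cmd.exe /c "powershell ..." is reported as cmd.exe -> powershell.exe."""
    found = set()
    for tok in re.findall(r"[a-z0-9_.]+", cmdline.lower()):
        if tok in INTERPRETERS:
            found.add(tok)
        elif tok in INTERPRETER_STEMS:
            found.add(tok + ".exe")
    return found


def find_lolbin_chains(procs: list[Proc]) -> list[str]:
    """Findings, in order: a non-interpreter parent (other than the user's
    shell, explorer.exe) that spawned an interpreter, with any interpreter
    nested on that child's command line; then renderers that run without
    Chromium's sandbox."""
    findings = []
    for child, parent in zip(procs, procs[1:]):
        if (child.name in INTERPRETERS and parent.name not in INTERPRETERS
                and parent.name != "explorer.exe"):
            nested = interpreters_in_cmdline(child.cmdline) - {child.name}
            via = f" -> {', '.join(sorted(nested))}" if nested else ""
            findings.append(
                f"{parent.name} [{parent.pid}] spawned {child.name} [{child.pid}]{via}")
    for p in procs:
        if "--type=renderer" in p.cmdline and "--no-sandbox" in p.cmdline:
            findings.append(f"{p.name} [{p.pid}] is a renderer running with --no-sandbox")
    return findings


if __name__ == "__main__":
    for finding in find_lolbin_chains(parse_process_trace(SAMPLE_TRACE)):
        print(finding)
```

Run on the sample it reports the chain "koodo reader.exe [2464] spawned cmd.exe [17260] -> powershell.exe" and the unsandboxed renderer. The chain walk deliberately ignores explorer.exe as a parent, because a user double-clicking a shortcut to cmd.exe is not the pattern Lockdown exists for; whether an Electron app should be treated like an Office application is a categorisation decision inside HMPA that this parser does not model.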
     
  18. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.8.21 Build 941 Release Candidate

    Changelog (compared to 939)
    • Updated third-party libraries
    • Improved HeapHeapProtect to overrule a Thumbprint when a backdoor stager is detected
    • Improved CookieGuard so it now adds certificate validation information into the alert details
    • Improved SysCall mitigation with additional Thumbprints
    • Improved SysCall mitigation so it can handle a misaligned stack
    • Improved SysCall alert which now includes the full path of the object from which the syscall originated
    • Fixed a compatibility issue between our anti-ransomware CryptoGuard 5 and Artisan scrapbooking software from Forever Storage
    • Fixed a BSOD occurring in WipeGuard when terminating an offending process
    • Fixed a false positive on BitLocker in our WipeGuard boot sector protection
    Download
    https://dl.surfright.nl/hmpalert3b941.exe

    Please let us know how this version runs on your machine, thanks! :thumb:
     
    Last edited: Apr 26, 2022
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    So far so good here.
     
  20. Mr Humphries

    Mr Humphries Registered Member

    Joined:
    Dec 3, 2016
    Posts:
    15
    Location:
    Australia
    Fine so far on 22598
     
  21. feerf56

    feerf56 Registered Member

    Joined:
    Feb 24, 2015
    Posts:
    324
    Automatically installed. So far so good.

    When do you expect CookieGuard to work in Firefox?
     
  22. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,243
    +1.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Automatic update, all good here. Win 10 as per signature.
     
  24. Libraman

    Libraman Registered Member

    Joined:
    Apr 26, 2016
    Posts:
    198
    Automatic updated. Perfect here.
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,868
    Location:
    Outer space
    So far so good on Windows 10.
     