HitmanPro.Alert BETA

Discussion in 'other anti-malware software' started by erikloman, May 30, 2017.

  1. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64 Prof, installed build 773 over build 771, no issues whatsoever.
     
  2. abbs

    abbs Registered Member

    Joined:
    Sep 14, 2018
    Posts:
    43
    Location:
    Nederlands
    Windows 10-64 bits installed build 773 over build 771, no issues whatsoever.
     
  3. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    632
    Location:
    Planet Earth
    HitmanPro.Alert 3.7.9 Build 773 Release Candidate (re-release)

    Changelog (compared to build 771):

    Changed
    • Changed name for "Dynamic Shellcode Mitigation" to "Heap Heap Protect"
    Improved
    • Heap Heap Protect
    • CodeCave
    Fixed
    • Trend Micro Intruder/Safe Browsing incompatibility
    Download
    http://test.hitmanpro.com/hmpalert3b773.exe

    Hi all, we found a small issue in the previous 773, so we re-released it.
    Current 773 users will be automatically upgraded to the new 773.

    Please let us know how this version runs on your endpoints! :thumb:
     
  4. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    Got a notification and updated/upgraded to the latest version of build 773.
     
  5. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64 Prof. Got a notification and updated/upgraded to the latest version of build 773.
     
  6. Sand

    Sand Registered Member

    Joined:
    Apr 28, 2016
    Posts:
    26
    Mitigation Shellcode
    Timestamp 2019-01-20T08:53:39

    Platform 10.0.17763/x64 v773 06_9e
    PID 5268
    Feature 00170A30000001A2
    Application C:\Users\X\AppData\Local\SidebarDiagnostics\app-3.5.2\SidebarDiagnostics.exe
    Created 2018-12-23T16:23:57
    Modified 2018-12-23T16:23:57
    Description Sidebar Diagnostics 3.5.2

    Shellcode (HHA) (0x00001000 bytes)
    CALLER is inside localAlloc mem
    Owner of CALLER: (anonymous; allocated by 00007FFF3634D3EF, clr.dll)
    (anonymous; clr.dll)+0x4A8A8
    00007FFED6DBA8A8 ffd0 CALL RAX
    00007FFED6DBA8AA 41c6470c01 MOV BYTE [R15+0xc], 0x1
    00007FFED6DBA8AF 833d3a98ec5f00 CMP DWORD [RIP+0x5fec983a], 0x0
    00007FFED6DBA8B6 7406 JZ 0x7ffed6dba8be
    00007FFED6DBA8B8 ff156aa4ec5f CALL QWORD [RIP+0x5feca46a]
    00007FFED6DBA8BE 41c6470c01 MOV BYTE [R15+0xc], 0x1
    00007FFED6DBA8C3 488b5590 MOV RDX, [RBP-0x70]
    00007FFED6DBA8C7 49895710 MOV [R15+0x10], RDX
    00007FFED6DBA8CB 488d65c8 LEA RSP, [RBP-0x38]
    00007FFED6DBA8CF 5b POP RBX
    00007FFED6DBA8D0 5e POP RSI
    00007FFED6DBA8D1 5f POP RDI
    00007FFED6DBA8D2 415c POP R12
    00007FFED6DBA8D4 415d POP R13
    00007FFED6DBA8D6 415e POP R14
    00007FFED6DBA8D8 415f POP R15

    Process Trace
    1 C:\Users\X\AppData\Local\SidebarDiagnostics\app-3.5.2\SidebarDiagnostics.exe [5268]
    2 C:\Windows\System32\svchost.exe [1396]
    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

    Thumbprint
    c153987dfdca5d7427952ad3c59a2c0cbd005560313388f0de74e58bffd8b7b5

    Not happening with the stable version of HitmanPro.Alert. Link to the application being mitigated:


    Opened Issue on proper Github page:
     
    Last edited: Jan 20, 2019
  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    Since last Friday, January 18, HMPA 3.7.9 build 773 is the release/stable version.
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Lol, reminding me of Hiep Hiep Hoera :argh:
    Anyway, Build 773 is running fine here.
     
  9. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    Actually, the official internal name of the mitigation is Heap Heap Hooray. If you turn Heap Heap Protect off, you get a registry key under HKLM\Software\HitmanPro.Alert\HeapHeapHooray :D

    This mitigation is arguably the most interesting protection we ever built. It is relatively simple but catches multi-stage attacks like Meterpreter and the CCleaner APT, and also the Emotet Trojan, which is dropping crypto-ransomware around the globe and is very successful in evading even next-gen security products. So it catches a plethora of attacks. Thanks to our flexible platform we can easily build signature-less run-time mitigations like Heap Heap Protect. We're still tuning this mitigation though; build 775 is coming!
     
    Last edited: Jan 31, 2019
  10. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    HitmanPro.Alert 3.7.9 Build 775 Release Candidate

    Changelog (compared to build 773):

    Improved
    • Code injection, which will result in faster boot times on Windows 10. It also fixes a rare issue a few Windows 10 users had where the system did not finish boot correctly.
    • Heap Heap Protect mitigation as it should now play more nicely with certain .NET applications.
    • Hardware Assisted Control-Flow Integrity, our Last Branch Record CPU assisted ROP mitigation, to fix false positives we're seeing on some newer CPUs.
    • Alert info regarding our real-time Anti-Malware and Code Cave mitigation.
    Fixed
    • Rare bug in CryptoGuard which sometimes forgot to make a backup of a file - which you could lose in the event of a ransomware attack.
    Download
    http://test.hitmanpro.com/hmpalert3b775.exe

    Please let us know how this version runs on your machine. Thanks! :thumb:
     
    Last edited: Jan 31, 2019
  11. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,840
    Location:
    the Netherlands
    I think you meant Build 775 Release Candidate.
     
  12. markloman

    markloman Developer

    Joined:
    Jan 25, 2005
    Posts:
    581
    Location:
    Hengelo
    LOL you are right. Fixed it!
     
  13. deugniet

    deugniet Registered Member

    Joined:
    Nov 25, 2013
    Posts:
    1,242
    No problems upgrading/updating build 775 RC.

    Win10 1809 build 17763.253 x64/Norton Security v22.16.3.21
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Nor here, W10 1803 17134.523 / EAM + ...
     
  15. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    So far no problems here (Win 7 SP1 x64).
     
  16. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    No issues here going from Build 773 to 775.
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    No problem updating three Win10 x64 1809 machines. :thumb:
     
  18. L10090

    L10090 Registered Member

    Joined:
    Feb 13, 2015
    Posts:
    302
    Location:
    Netherlands
    W7-x64 Professional: no issues upgrading build 773 to build 775 RC and running build 775 RC
     
  19. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    Haha :argh:
    Nice!
     
  20. Secure_Guy

    Secure_Guy Registered Member

    Joined:
    May 4, 2016
    Posts:
    49
  21. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    Why does Alt+tab still stick w/keystroke encryption enabled? I don't think anybody ever addressed this beyond confirming it?
     
  22. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    For me Alt+Tab works, like it should.
    Win10-64-1809
     
  23. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    same windows build here, fresh installs on two machines have the same alt+tab quirk they have had forever w/keystroke encryption enabled (i forgot about the issue until i reinstalled hmp, as i have keystroke encryption off due to it)
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    I've never used that shortcut and had to Google what it does. Seems to work here as it should with Keystroke Encryption enabled.
     
  25. m0unds

    m0unds Registered Member

    Joined:
    Nov 12, 2015
    Posts:
    219
    funny. i figured everybody knew about it. you can spice it up by using winkey+tab to use the win10 equiv of macos "expose", if you prefer it to look fancy.

    at any rate, i figured out what in particular is causing it and opened a ticket. 3 years in, same stupid bug. (1password browser extension incompatibility. had a ticket about it back in 2016)
     