HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. Sand

    Sand Registered Member

    Joined:
    Apr 28, 2016
    Posts:
    26
    Platform 10.0.17763/x64 v781 06_9e
    PID 5564
    Feature 00170A30000001A6
    Application C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    Created 2018-09-15T07:28:52
    Modified 2018-09-15T07:28:52
    Description LockApp.exe 10

    Shellcode (HHA) (0x00001000 bytes)
    Owner of CALLER: (anonymous; allocated from phelper.exe:10884)

    **** Remote allocation of shellcode ****
    Allocated by C:\Program Files\Windows10FirewallControl\x64\phelper.exe - PID: 10884

    OwnerModuleName: phelper.exe
    OwnerModuleThumbprint: 98bc88186856753173f7fdb36eaf7df9e408b53039e099931f5d727d8c81f58d

    000001FD0D844340 ff15a2310000 CALL QWORD [RIP+0x31a2]
    000001FD0D844346 4885c0 TEST RAX, RAX
    000001FD0D844349 488bd8 MOV RBX, RAX
    000001FD0D84434C 7523 JNZ 0x1fd0d844371
    000001FD0D84434E 33d2 XOR EDX, EDX
    000001FD0D844350 4c8d4c2430 LEA R9, [RSP+0x30]
    000001FD0D844355 b9170000c0 MOV ECX, 0xc0000017
    000001FD0D84435A 448d4201 LEA R8D, [RDX+0x1]
    000001FD0D84435E 48c744243020000000 MOV QWORD [RSP+0x30], 0x20
    000001FD0D844367 ff150b310000 CALL QWORD [RIP+0x310b]
    000001FD0D84436D 33c0 XOR EAX, EAX
    000001FD0D84436F eb50 JMP 0x1fd0d8443c1
    000001FD0D844371 8b00 MOV EAX, [RAX]
    000001FD0D844373 488b0dae050400 MOV RCX, [RIP+0x405ae]
    000001FD0D84437A ff15582f0000 CALL QWORD [RIP+0x2f58]

    ----- SNIP HERE -----
    AAIeAQBAhA39AQAAQEOEDf0BAAAAQIQN/QEAAABQOgAMSIP5/nQG/xUDNR4CAEiLDVTkAQBIg/n/dAxIg/n+dAb/Feo0HgIASIPEKMMeBcxIiVwkCEiJbCQQSIl0JCBXSIPsIEiLBSXOAQBIM8RIiUQkEIXSSYvYi/JIi+lmv05AQcceBQBBx0AEHgQAQcdACB4EAA+ETAEeAgBmkEiLA0SLWwhIjQwkSIkBi0MIRQPbiUEIiwuLQwREjQwJi9FEjRQARIvAweofQYvBRAvSQcHoH0ONFAlFC9hBi8rB6B/B6R9FA9tFA9JEC9mLDCREC9BEjQQKM8CJE0Q7wkSJUwREiVsIcgVEO8FzBbgBHgMAhcBEiQN0I0GNQgEzyUE7wnIFg/gBcwW5AR4DAIXJiUMEdAdBjUMBiUMIi0MESIsMJDPSSMHpIESNDAhEO8hyBUQ7yXMFugEeAwCF0kSJSwR0BINDCAGLRCQIQYvJRQPJAUMIi1MIwekfQYvARQPAA9LB6B8L0USJA0QLyIlTCEUz0kSJSwQPvk0AQY0ECIkMJEE7wHIEO8FzBkG6AR4DAEWF0okDdCJBjUEBM8lBO8FyBYP4AXMFuQEeAwCFyYlDBHQGjUIBiUMISIPFAYPG/w+Ftv4eAv+DewgAdSyLC4tTBGaBx/D/RIvCix4CweIQwegQQcHoEMHhEAvQRYXARIlDCIlTBIkLdNQPumMID3JAkB4DZpAeA2aQHgNmkIsDi0sEZoHHHgL/i9ADwESLwYkDweofQcHoH40ECQvCiUMEi0MIA8BBC8APuuAPiUMIc81miXsKSItMJBBIM8zo/H7+/0iLXCQwSItsJDhIi3QkHgJIg8QgX8PM/yUgLx4CAP8lIi8eAgD/JSQvHgIA/yU2Lx4CAP8loDYeAgD/JZI2HgIA/yWcNh4CAEiL0UiLDYoGBABI/yVDMB4CAB4DzEiJXCQQV0iD7CBIiw1vBgQASIXJdR4CZUiLBCUwHgMASItYYEiLS0BIhcl1SP8Vbi4eAgAz0kSNQhBIi8j/FVcuHgIASIXASIv4dF1IgyAASINgCAAzwPBID7F7QHQU/xU+Lh4CAEyLxzPSSIvI/xUgLh4CAEiLS0BIiQ0FBgQA/xWvLx4CAEiFwA+Fjx4DALoAEB4CAESNSEAzyUSLwv8VojEeAgBIhcBIi9h1IzPSTI1MJDC5Fx4CAMBEjUIBSMdEJDAgHgMA/xULMR4CADPA61CLAEiLDa4FBAD/FVgvHgIASIXASIv4dBYz0kG4AIAeAgBIi8v/FUcvHgIASIvH6yNIjbvgDx4CAEiLDXwFBABIi9P/FTMvHgIASIPDIEg733LnSIvDSItcJDhIg8QgX8Pp1/4eAv8eA8xAU0iD7DBIiwWPygEASDPESIlEJCgz2/8VJy0eAgBEjUsHTI1EJCC6BBAeAgCLyP8VgS4eAgCFwHQlikQkIEiNVCQghMB0GA++wEiDwgGNDJuNXEjQigKEwHXshdt1CP8VIi4eAgCL2IvDSItMJChIM8zoCX3+/0iDxDBbwx4DzLgDHgMAwx4CzEiB7NgeAwBIiwUKygEASDPESImEJMAeAwBIjUwkIMdEJCCUHgMA/xUsLx4CAIN8JDACdQ6DfB4CJAVIjQW5HgP/cwdIjQU0HgP/SIcFmeIBAP8Vk+IBAEiLjCTAHgMASDPM6JN8/v9IgcTYHgMAwx4DzEiD7Dj/Ff4uHgIARTPbRIlcJCDrC0G7DgAHgESJXCQgQYvDSIPEOMMeCcxAVUiD7CBIi+pIiwFFM9uBOBceAgDAQQ+Uw0GLw0iDxCBdwx4CzEiJXCQISIlsJBBIiXQkGFdIg+wgSIXJSIvqSIvZdQe4VwAHgOtkgzkAdF2DOUh17zP/OXlAfikz9kiF9nhhO3tAfVxIi0M4SIvVD7cMMP8VuDEeAgCDxwFIg8YCO3tAfNlIi0s4SIXJdAroxoP+/0iDYzgAg2NAAINjRABIjUsI/xUnLh4CAIMjADPASItcJDBIi2wkOEiLdCRASIPEIF/DRTPJRTPAuYweAgDAQY1RAf8VqC4eAgAeBMxAU0iD7CBIi9lIg8Eo/xXhLR4CAEiLS1BIhcl0Cuhbg/7/SINjUACDY1gAg2NcAEiDxCBbw0iJXCQQSIl0JBhXSIHs0B4DAEiLBU/IAQBIM8RIiYQkwB4DADPSSIvZRI1CKEkDyOhTsP7/SINjUACDY1gAg2NcAEiNBa+5+v++lB4DAEiNTCQgTIvGM9JIiUMQSIlDCMcDYB4DAMZDGADoGbD+/0iNTCQgiXQkIP8VKi0eAgCDfCQwAr4BHgMAdQmDfB4CJAVyHOsWOXQkMHUUg3weAiQEdwl1C4N8JCgAdgRAiHMYSI0FtIceAgBIjUsox0McAAgeAgBIiUMg6Pj9HgL/D7YNEdExAIXASIvDD0jOiA0D0TEASIuMJMAeAwBIM8zoW3r+/0yNnCTQHgMASYtbGEmLcyBJi+Nfwx4GzEiB7JgeAwBIx0QkIP4eA/9IjRXhhx4CAEiNTCQo6L8y+/+QSI1MJFDoFID+/5BIjQVchx4CAEiJRCRQSMeEJIgeAwAPHgMASMeEJIAeBwDGRCRwAEmDyf9FM8BIjVQkKEiNTCRo6MTe+/+QSI0FNIceAgBIiUQkUEiNFcCUAQBIjUwkUOh2s/7/HgbMQFVIg+wgSIvqSI1NKOiOMvv/SIPEIF3DHgjMQFVIg+wgSIvqSI1NUOjegP7/SIPEIF3DHgjMSIHsmB4DAEjHRCQg/h4D/0iNFUmHHgIASI1MJCjo7zH7/5BIjUwkUOhEf/7/kEiNBYyGHgIASIlEJFBIx4QkiB4DAA8eAwBIx4QkgB4HAMZEJHAASYPJ/0UzwEiNVCQoSI1MJGjo9N37/5BIjQV8hh4CAEiJRCRQSI0VuJQBAEiNTCRQ6Kay/v8eBsxAVUiD7CBIi+pIjU0o6L4x+/9Ig8QgXcMeCMxAVUiD7CBIi+pIjU1Q6A6A/v9Ig8QgXcP/JZIsHgIA/yWULB4CAB4MzDPSSP8lh94BAB4HzEBTSIPsIEiNBYOGHgIASIvZSIkBSItJEEiFyXQGSIsB/1AQSIN7GAB0Gv8VSSgeAgBIhcB0D0yLQxgz0kiLyP8VJSgeAgBIg8QgW8MeB8xIg+weAkiNBTWGHgIAiUwkKEiJVCQwSI0VzZEBAEiNTCQgSMdEJDgeBABIiUQkIOi9sf7/Hg3MQFNIg+wgSI0F84UeAgBIi9lIiQGLQgiJQQhIi0IQSMdBGB4EAEiFwEiJQRBIi8h0BkiLAP9QCEiLw0iDxCBbw0iJXCQIV0iD7CBIjQWvhR4CAEiL2Yv6SIkBSItJEEiFyXQGSIsB/1AQSIN7GAB0Gv8VcyceAgBIhcB0D0yLQxgz0kiLyP8VTyceAgBA9scBdAhIi8vobWr9/0iLw0iLXCQwSIPEIF/DzP8lBC8eAgD/Je4uHgIA/yXwLh4CAEiNBQG1AwDpHgQASIlMJAhIiVQkEEyJRCQYTIlMJCBIg+xoZg9/RCQgZg9/TCQwZg9/VCRAZg9/XCRQSIvQSI0N2pIBAOhVHgMAZg9vRCQgZg9vTCQwZg9vVCRAZg9vXCRQSItMJHBIi1QkeEyLhCSAHgMATIuMJIgeAwBIg8Ro6wD/4P8lfbQDAEiNBW60AwDpdR4E/yVjtAMAHgPMTIvcSYlbIFVWV0FUQVVBVkFXSIPscItBBESLCUSLYQhEi1EMx0QkIEgeAwBIi/GLSRBEi3YURIt+HEyL6kiNFQS1+v9JiXOASAPCTYlriEGD4QFJiUOQg2QkQAAzwEkhQ6hJIUOwSYlDoCFEJGBMA+JMA9JIA8pMA/JFhMl1JTPSSI1EJCBNjUsIRI1CAblXAG3ASYlDCP8VIykeAgAzwOkyAh4CAEmLPCRIuB4HAIBJi+1JK+pIwf0Di+1IhQTpuB4EAA+UwIXAiUQkQHQUiwTpSI0NbrT6/0gDwUiJRCRI6wgPtwTpiUQkHgJIiwVD/gMAM9tIhcB0HEiNVCQgM8n/0EiFwEiL2A+FmwEeAgBIiwUg/gMASIX/D4XOHgMASIXAdBJIjVQkII1PAf/QSIXASIv4dWtIi0wkOP8V3SgeAgBIhcBIi/h1WP8V/yceAgCJRCRgSIsF1P0DAEiFwHQSSI1UJCCNTwP/0EiFwEiL+HUwM9JIjUQkIEyNjCS4HgMARI1CAbl+AG3ASImEJLgeAwD/FScoHgIASItEJFjpMwEeAgBIi8dJhwQkSDvHdDCDfhgAdDO6EB4DAI1KMP8VrSYeAgBIhcB0IEiJcAhIiw1V/QMASIkISIkFS/0DAOsJSIvP/xUYJx4CAEiLBUn9AwBIhcBIiXwkUHQPSI1UJCC5Ah4DAP/QSIvYSIXbD4WXHgMAOV4UdCk5Xhx0JEhjRzyBPDhQRR4CAHUXRDl8OAh1EEg7fDgwdQlJixzuSIXbdWlIi1QkHgJIi8//FfsnHgIASIXASIvYdVP/FfUmHgIAiUQkYEiLBcr8AwBIhcB0DUiNVCQgjUsE/9BIi9hIhdt1K0iNRCQgTI2MJMAeAwBEjUMBM9K5fwBtwEiJhCTAHgMA/xUdJx4CAEiLXCRYSYldAEiLBYX8AwBIhcB0G4NkJGAASI1UJCC5BR4DAEiJfCRQSIlcJFj/0EiLw0iLnCTIHgMASIPEcEFfQV5BXUFcX15dwx4QzB4DZpAeA2aQZpBIg+wQTIkUJEyJXCQITTPbTI1UJBhMK9BND0LTZUyLHCUQHgMATTvTcxZmQYHiAPBNjZsA8B4C/0HGAwBNO9N18EyLFCRMi1wkCEiDxBDDHgjMHgNmkB4DZpBmkEiD7BhIiUwkIEiJVCQoRIlEJDBIixJIi8HoskEeA//Q6NtBHgL/SIvISItUJChIixJBuAIeAwDolUEeAv9IiUQkEEiDxBjDHgvMSIPsKEiNDeXAMQAz0ujWKv7/TI0d74MeAgBIjQ0QCB4CAEyJHcnAMQBIg8Qo6YCK/v9Ig+wo6Gc2/v9IhcBIi8h1C7kFQACA6GUa/P/MSIsA/1AYSI0NpwoeAgBIg8AYSIkFzMExAEiDxCjpQ4r+/x4DzEiD7CjoJzb+/0iFwEiLyHULuQVAAIDoJRr8/8xIiwD/UBhIjQ2XCh4CAEiDwBhIiQWUwTEASIPEKOkDiv7/HgPMSIPsKEiNDfWNHgIA6PB1/v9IjQ2JOf3/SIkF8r8xAEiDxChI/yWnJB4CAB4HzEiD7GhIjRWdgR4CAEiNTCQwQbgJHgMASMdEJFAHHgMASMdEJEgeBABmx0QkOB4CAOg85vv/SI1UJDBIjQ0wwTEAQbEBRTPASMdEJCAeBADoHNj8/0iNDSUKHgIASIPEaOlsif7/HgzMSIPsaEiNFZ2NHgIASI1MJDBBuAoeAwBIx0QkUAceAwBIx0QkSB4EAGbHRCQ4HgIA6Mzl+/9IjVQkMEiNDXDBMQA=
    ----- END SNIP -----

    Loaded Modules
    -----------------------------------------------------------------------------
    00007FF7CA7F0000-00007FF7CAB6F000 LockApp.exe (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA110C0000-00007FFA112AD000 ntdll.dll (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    00007FFA10290000-00007FFA10343000 KERNEL32.dll (Microsoft Corporation),
    version: 10.0.17763.475 (WinBuild.160101.0800)
    00007FFA0CCE0000-00007FFA0CECB000 hmpalert.dll (SurfRight B.V.),
    version: 3.7.9.781
    00007FFA0D3E0000-00007FFA0D673000 KERNELBASE.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA0E350000-00007FFA0E3F8000 shcore.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA10800000-00007FFA1089E000 msvcrt.dll (Microsoft Corporation),
    version: 7.0.17763.475 (WinBuild.160101.0800)
    00007FFA0E750000-00007FFA0E872000 RPCRT4.dll (Microsoft Corporation),
    version: 10.0.17763.379 (WinBuild.160101.0800)
    00007FFA10420000-00007FFA1074C000 combase.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA0E150000-00007FFA0E24A000 ucrtbase.dll (Microsoft Corporation),
    version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFA0D6B0000-00007FFA0D72E000 bcryptPrimitives.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FF9F6EB0000-00007FF9F6F20000 wincorlib.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA101C0000-00007FFA10284000 OLEAUT32.dll (Microsoft Corporation),
    version: 10.0.17763.437 (WinBuild.160101.0800)
    00007FFA0E250000-00007FFA0E2F0000 msvcp_win.dll (Microsoft Corporation),
    version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFA0D0E0000-00007FFA0D0F1000 kernel.appcore.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F3EC0000-00007FF9F4F77000 Windows.UI.Xaml.dll (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    00007FFA0E590000-00007FFA0E727000 user32.dll (Microsoft Corporation),
    version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FFA0D790000-00007FFA0D7B0000 win32u.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA108A0000-00007FFA108C9000 GDI32.dll (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    00007FFA0D190000-00007FFA0D329000 gdi32full.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA0AC00000-00007FFA0ACE2000 CoreMessaging.dll (Microsoft Corporation),
    version: 10.0.17763.194
    00007FFA0E4B0000-00007FFA0E54E000 sechost.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F57C0000-00007FF9F581C000 Bcp47Langs.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA01AA0000-00007FFA01D48000 iertutil.dll (Microsoft Corporation),
    version: 11.00.17763.592 (WinBuild.160101.0800)
    00007FFA10750000-00007FFA107F3000 advapi32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0AA30000-00007FFA0ABF3000 dcomp.dll (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    00007FFA0BC40000-00007FFA0BD02000 dxgi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0E550000-00007FFA0E57E000 IMM32.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0B630000-00007FFA0B83D000 twinapi.appcore.dll (Microsoft Corporation),
    version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FFA0B5B0000-00007FFA0B5D8000 RMCLIENT.dll (Microsoft Corporation),
    version: 10.0.17763.194 (WinBuild.160101.0800)
    00007FFA08F50000-00007FFA090A3000 WinTypes.dll (Microsoft Corporation),
    version: 10.0.17763.134 (WinBuild.160101.0800)
    00007FF9FEB20000-00007FF9FF25C000 OneCoreUAPCommonProxyStub.dll (Microsoft Corporation),
    version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFA06100000-00007FFA062D7000 urlmon.dll (Microsoft Corporation),
    version: 11.00.17763.592 (WinBuild.160101.0800)
    00007FFA0D990000-00007FFA0E0DA000 windows.storage.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA0D160000-00007FFA0D184000 profapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0D100000-00007FFA0D15D000 powrprof.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0E2F0000-00007FFA0E342000 shlwapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0C910000-00007FFA0C91C000 CRYPTBASE.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0B4E0000-00007FFA0B57C000 uxtheme.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0B600000-00007FFA0B62E000 dwmapi.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0D7B0000-00007FFA0D98B000 CRYPT32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0D0C0000-00007FFA0D0D2000 MSASN1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0E0E0000-00007FFA0E0F7000 CRYPTSP.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F5A80000-00007FF9F5BBA000 Windows.UI.dll (Microsoft Corporation),
    version: 10.0.17763.168 (WinBuild.160101.0800)
    00007FF9F58B0000-00007FF9F5945000 TextInputFramework.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F54F0000-00007FF9F55BC000 InputHost.dll (),
    version:
    00007FFA00F60000-00007FFA01282000 CoreUIComponents.dll (Microsoft Corporation),
    version: 10.0.17763.1
    00007FFA0A470000-00007FFA0AA2E000 d2d1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0A1F0000-00007FFA0A46E000 d3d11.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA092A0000-00007FFA09448000 PROPSYS.dll (Microsoft Corporation),
    version: 7.0.17763.348 (WinBuild.160101.0800)
    00007FFA0C090000-00007FFA0C0C1000 ntmarta.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA06CD0000-00007FFA06DAF000 Windows.ApplicationModel.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9FF2D0000-00007FFA001F6000 igd10iumd64.dll (Intel Corporation),
    version: 26.20.100.6952
    00007FFA0D680000-00007FFA0D6A6000 bcrypt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0CA10000-00007FFA0CA36000 ncrypt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0C9D0000-00007FFA0CA0C000 NTASN1.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA04A40000-00007FFA04B47000 MrmCoreR.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9FE9F0000-00007FF9FEB12000 igdgmm64.dll (Intel Corporation),
    version: 26.20.100.6952
    00007FF9F6B20000-00007FF9F6B40000 languageoverlayutil.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9FC630000-00007FF9FE9E9000 igc64.dll (Intel Corporation),
    version: 26.20.100.6952
    00007FFA0ECD0000-00007FFA101C0000 SHELL32.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA0E100000-00007FFA0E14A000 cfgmgr32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0EB70000-00007FFA0ECC5000 ole32.dll (Microsoft Corporation),
    version: 10.0.17763.503 (WinBuild.160101.0800)
    00007FF9F5E30000-00007FF9F5E5A000 bcp47mrm.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F8EA0000-00007FF9F8EBC000 Windows.Shell.ServiceHostBuilder.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F77D0000-00007FF9F77E9000 execmodelproxy.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F30D0000-00007FF9F33CC000 dwrite.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA10E30000-00007FFA10F9B000 MSCTF.dll (Microsoft Corporation),
    version: 10.0.17763.529 (WinBuild.160101.0800)
    00007FF9F6B40000-00007FF9F6BEB000 UiaManager.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9EEDB0000-00007FF9EEE7E000 windows.ui.core.textinput.dll (Microsoft Corporation),
    version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FF9F3930000-00007FF9F3AD8000 Windows.UI.Immersive.dll (Microsoft Corporation),
    version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FF9F0E40000-00007FF9F0E96000 DataExchange.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9E1020000-00007FF9E1093000 lockappbroker.dll (Microsoft Corporation),
    version: 10.0.17763.404 (WinBuild.160101.0800)
    00007FFA08C60000-00007FFA08CEA000 msvcp110_win.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F2650000-00007FF9F27CB000 Windows.Globalization.dll (Microsoft Corporation),
    version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FF9F3B10000-00007FF9F3CB3000 ContentDeliveryManager.Utilities.dll (Microsoft Corporation),
    version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FF9FB820000-00007FF9FBD33000 cdp.dll (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    00007FFA01E60000-00007FFA01F1A000 dsreg.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0BE30000-00007FFA0BE58000 slc.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0BE00000-00007FFA0BE26000 sppc.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA0CFC0000-00007FFA0CFEF000 SspiCli.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F5E10000-00007FF9F5E24000 threadpoolwinrt.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9E1280000-00007FF9E12FF000 Windows.ApplicationModel.LockScreen.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9E0B20000-00007FF9E0C2A000 Windows.Services.TargetedContent.dll (Microsoft Corporation),
    version: 10.0.17763.348 (WinBuild.160101.0800)
    00007FFA08CF0000-00007FFA08D6F000 Windows.Graphics.dll (Microsoft Corporation),
    version: 10.0.17763.292 (WinBuild.160101.0800)
    00007FF9EEE80000-00007FF9EEF3A000 LockController.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9F25B0000-00007FF9F2648000 directmanipulation.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FF9EE880000-00007FF9EE8D8000 Windows.Storage.ApplicationData.dll (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA06500000-00007FFA06539000 MtcModel.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA00700000-00007FFA008B8000 windowscodecs.dll (Microsoft Corporation),
    version: 10.0.17763.55 (WinBuild.160101.0800)
    00007FFA00DE0000-00007FFA00E69000 WINSPOOL.DRV (Microsoft Corporation),
    version: 10.0.17763.592 (WinBuild.160101.0800)
    00007FFA0C4A0000-00007FFA0C4DD000 IPHLPAPI.DLL (Microsoft Corporation),
    version: 10.0.17763.615 (WinBuild.160101.0800)
    00007FFA00ED0000-00007FFA00EE7000 NETAPI32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA08380000-00007FFA08398000 SAMCLI.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA0C4E0000-00007FFA0C4EE000 NETUTILS.DLL (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA10FA0000-00007FFA1100D000 WS2_32.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)
    00007FFA08740000-00007FFA0874A000 VERSION.dll (Microsoft Corporation),
    version: 10.0.17763.1 (WinBuild.160101.0800)

    Code Injection
    000001FD0D7F0000-000001FD0DBE9000 3MB C:\Program Files\Windows10FirewallControl\x64\phelper.exe [10884]
    1 C:\Program Files\Windows10FirewallControl\x64\phelper.exe [10884] 2019-07-19T14:46:55
    "C:\Program Files\Windows10FirewallControl\x64\phelper.exe" /5564 /3 /C:\windows\system32\driverstore\filerepository\cui_dch.inf_amd64_0e95edab338ad669\gfxdownloadwrapper.exe /IPv4 NAME TCP gameplayapi.intel.com/2.20.224.37:443(49790)
    2 C:\Program Files\Windows10FirewallControl\Windows10FirewallControl.exe [7208] 2019-07-19T14:46:07
    3 C:\Windows\explorer.exe [5060] 2019-07-19T14:45:54
    4 C:\Windows\System32\userinit.exe [4796] 2019-07-19T14:45:54 23.3s

    Thumbprint
    bb3dd36d1a7c28070beaf2bf675d89896d899169e965b06a2b0446abfdd43c41
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,366
    Location:
    Among the gum trees
    I temporarily uninstalled HMP.A Build 781 to check another issue I was having with Firefox 68.0.1 and now that I've reinstalled Alert I'm back to not having the green fly-out. :doubt:
     
  3. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    771
    Location:
    USA
    Fyi, I had to disable Intruder Monitor under Safe Browsing for my Edge browser with build 781. Already had keystroke encryption disabled, but Intruder Monitor was preventing me from typing text into a web form.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,286
    Location:
    Outer space
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,366
    Location:
    Among the gum trees
    @RonnyT @markloman ,

    Guys, I just uninstalled Norton on one of my machines a I am getting the green fly-out on that machine now, but not on the two machines still running Norton. It looks to me that Norton's injecting into Firefox is most likely the cause, but you'll have to confirm that on your end.

    Thanks.
     
  6. newbino

    newbino Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    423
    false positive

    Type : Error
    Date : 07/08/2019
    Time : 10:57:27
    Event : 300
    Source : HitmanPro.Alert
    Category : CryptoGuard
    User : N/A
    Computer : DESKTOP-XX
    Description:
    The following process is trying to attack your personal files:
    PID: 6960
    Application: C:\Program Files\Bvckup 2\bvckup2.exe

    List of files:
    L:\- TORRENT\xxx
    L:\- TORRENT\xxx
    L:\- TORRENT\XX


    HitmanPro.Alert has intercepted and blocked this attack.
    You are strongly advised to immediately scan this computer with HitmanPro and remove the detected threats.
     
  7. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,128
    Location:
    USA
    Is HMPA 3.7.9.781 basically working OK? I'm still using 3.7.9.779 (and it works fine) and just wanted to make sure I wouldn't run into any negative surprises on my Win XP machine.
     
    Last edited: Aug 13, 2019
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,794
    Location:
    Under a bushel ...
    I think you meant HMPA 3.7.9.781 ... no problems here (Win10 v1903) - but that means nothing when it comes to XP! o_O
     
  9. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    771
    Location:
    USA
    To each his own! But I wouldn't expect anything to fully protect me using Win XP online, no matter what anybody says!

    I still run one Win XP machine, and I plan to keep one Win 7 machine running after its end of life next year. But for internet connected use I will stick with either Win 10 or Linux. The only thing I will allow my Win XP machine to do online is to update antivirus signatures. Probably don't even need to do that anymore, because I use a shared files folder with Win 10 that has already scanned any files that I plan to introduce to the XP machine.

    HMPA 3.7.9.781 is running fine here on Win 10 1809. I don't run it on XP, but I expect HMPA to be most thoroughly tested and effective on the latest OS. ;)
     
  10. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,128
    Location:
    USA
    Oops! a typo, but since corrected. Thanks for the reply.
     
  11. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    214
    Location:
    VPN city
    Question to anyone who can answer, is HMP Alert included in sophos home premium?
     
  12. maniac2003

    maniac2003 Registered Member

    Joined:
    Apr 12, 2007
    Posts:
    98
    Location:
    Netherlands
    It's a while back that I used Sophos Home Premium, and had a terrible time removing it, but yes as far as I can remember it included HMPA.
     
  13. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    214
    Location:
    VPN city
    Another question to anyone who can answer. If I buy HMP Alert, is that license key also good for the HMP scanner on the same PC?

    Being more specific. If I buy a license for two computers, would it count the HMP scanner as a different copy being used?

    One more question, is the HMP scanner included in sophos home premium too?
     
  14. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,366
    Location:
    Among the gum trees
    If you buy a license for HMP.A for 1PC it includes a license for HMP for one PC only.
    If you pay for 3 PCs (or two single PCs) it includes a license for HMP for those machines.

    You can't buy HMP.A for 1PC and install and activate HMP on a second machine.
     
  15. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    181
    Renewed HitmanPro today but cannot in Hitmanpro.Alert......keep getting error=0....any ideas?
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,366
    Location:
    Among the gum trees
    First question would be, are you sure your license covers HMP.A and not just HMP?

    If that's not the issue best you shoot off an email to their support.

    support@hitmanpro.com
     
  17. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    181
    will do, thanks
     
  18. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    214
    Location:
    VPN city
    HitmanPro the scanner & HitmanPro ALERT should just be combined into one program and then Sophos/SurfRight can offer just the scanner with malware removal for free....Like malwarebytes and emsisoft do.
     
  19. guest

    guest Guest

    They probably already thought about it, not enough profitable I guess.
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,366
    Location:
    Among the gum trees
    It kind of is. If you don't have HMP installed and run a scan with Alert it will download a copy of HMP and scan your machine. If you have HMP installed Alert will use that instead.
     
  21. Bertazzone

    Bertazzone Registered Member

    Joined:
    Apr 13, 2018
    Posts:
    259
    Location:
    Wonderland
    Not "should" but "could", but they don't because making profit is part of their business model and they've made a choice. If you want free malware scanning and removal there are plenty of free choices, just not Hitman.
     
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,982
    Location:
    USA
    The free version of MalwareBytes does not offer real time monitoring while HMP.Alert does.
     
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    7,366
    Location:
    Among the gum trees
    Firefox 68.0.2 and the green fly-out is back, I suspect until either Firefox or Norton update again.
     
  24. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    214
    Location:
    VPN city
    Yeah, I know, I use the free version of MBAM and Emsisoft EK. What I suggested was that Sophos/SurfRight should allow usage of HitmanPro The scanner for free, but still charge money for HitmanPro.Alert. Which would be a business model a lot more like what malwarebytes does with their free and paid version, and then they can just rename HMP.Alert to Hitman (pro) and the scanner to just Hitman
     
  25. GrDukeMalden

    GrDukeMalden Registered Member

    Joined:
    Jun 16, 2016
    Posts:
    214
    Location:
    VPN city
    Well, yeah, they're a private company, they aren't under any obligations to give their products away for free.
    But think of how many people decided to pay for malwarebyes because of how well the scanner worked for them. Think about how many people there were that were desperate to get that lifetime license when they stopped selling it that way.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.