Hitman Pro blocking all games from Steam for hollow process mitigation?
Process Injection - ID: T1055, Tactic: Defense Evasion, Privilege Escalation
Process Hollowing - ID: T1093, Tactic: Defense Evasion
Process Doppelgänging - ID: T1186, Tactic: Defense Evasion

Mitigation HollowProcess
Timestamp 2021-11-20T12:22:36

Platform 10.0.19043/x64 v899 06_9e%
PID 13600
WoW x86
Feature 003D0A30000001A6
Application D:\Program Files (x86)\Steam\steam.exe
Created 2021-11-20T11:33:58
Description Steam 1.0

Filename D:\Program Files (x86)\Steam\steamapps\common\Siralim Ultimate\SiralimUltimate.exe

Target PID 16940
Target D:\Program Files (x86)\Steam\steamapps\common\Siralim Ultimate\SiralimUltimate.exe
Image Base 0x000F0000
Reason-MTH : 00020005

Loaded Modules (150)
-----------------------------------------------------------------------------
00180000-005F2000 Steam.exe (Valve Corporation),
version: 06.90.64.57
74050000-7415F000 hmpalert.dll (SurfRight B.V.),
version: 3.8.12.899
641F0000-64297000 crashhandler.dll (Valve Corporation),
version: 06.90.64.57
734F0000-73584000 TextShaping.dll (),
version:
63020000-63D3E000 steamui.dll (Valve Corporation),
version: 06.90.64.57
62F10000-6301E000 SDL2.dll (0FileDescription),
version: 2, 0, 17, 0
62E70000-62F0A000 tier0_s.dll (Valve Corporation),
version: 06.90.64.57
629A0000-62E63000 v8.dll (),
version:
625A0000-6299E000 video.dll (),
version:
640E0000-64143000 vstdlib_s.dll (Valve Corporation),
version: 06.90.64.57
62300000-62481000 icui18n.dll (),
version:
621D0000-622F9000 icuuc.dll (),
version:
61C20000-621C9000 libavcodec-58.dll (),
version:
61AF0000-61C17000 libavformat-58.dll (),
version:
61A50000-61AE3000 libavresample-4.dll (),
version:
61690000-61A47000 libavutil-56.dll (),
version:
61580000-6168B000 libswscale-5.dll (),
version:
64020000-64052000 filesystem_stdio.DLL (Valve Corporation),
version: 06.90.64.57
61490000-61571000 vgui2_s.DLL (Valve Corporation),
version: 06.90.64.57
61350000-6148B000 chromehtml.DLL (),
version:
5FD00000-60EA8000 steamclient.dll (Valve Corporation),
version: 06.90.64.57
5FB40000-5FBB3000 WindowManagementAPI.dll (),
version:
5FAF0000-5FB34000 openvr_api.dll (),
version:
5EE10000-5F31D000 friendsui.DLL (Valve Corporation),
version: 06.90.64.57
5F630000-5F83B000 serverbrowser.DLL (Valve Corporation),
version: 06.90.64.57
- MS skipped (125) -

Process Trace
1 D:\Program Files (x86)\Steam\steam.exe [13600] 2021-11-20T12:12:58
2 C:\Windows\explorer.exe [5408] 2021-11-20T12:11:16
3 C:\Windows\System32\userinit.exe [5324] 2021-11-20T12:11:16 26.8s
4 C:\Windows\System32\winlogon.exe [8] 2021-11-20T12:11:11
winlogon.exe
5 C:\Windows\System32\smss.exe [852] 2021-11-20T12:11:11 979ms
\SystemRoot\System32\smss.exe 0000013c 00000084
6 C:\Windows\System32\smss.exe [512] 2021-11-20T12:11:06
\SystemRoot\System32\smss.exe

Dropped Files
1 D:\Program Files (x86)\Steam\package\.writable
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
2 D:\Program Files (x86)\Steam\.writable
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
3 D:\Program Files (x86)\Steam\userdata\164932124\config\librarycache\342940.json
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
4 D:\Program Files (x86)\Steam\steamapps\common\Steam Controller Configs\164932124\config\steam_autocloud.vdf
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
5 D:\Program Files (x86)\Steam\userdata\164932124\241100\remotecache.vdf
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
6 D:\Program Files (x86)\Steam\userdata\164932124\config\localconfig.vdf.async13600.tmp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
7 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QXC0OY25AQEUP1NEMK0E.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
8 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF9c9fb.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
9 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CBDSAS2PPGO39SG9F48A.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
10 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF9cb91.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
11 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\TJKHMOROQMG7CY52DEVG.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
12 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF9d19c.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
13 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\QQP7T57DVDNS70GE0UG8.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
14 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF9d4c8.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
15 D:\Program Files (x86)\Steam\userdata\164932124\config\librarycache\531640.json
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
16 D:\Program Files (x86)\Steam\steamapps\appmanifest_342940.acf.2465908141.tmp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
17 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\O4XFU4Z9KU538L0QXQY9.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
18 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF9dc5a.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
19 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\57WB9GKEPRMPZQIDFKDY.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
20 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF9ddf0.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
21 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\895XMIC5HBR03F0IF6CT.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
22 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF9e468.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
23 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BVUSVUULUMPWGQL02UNA.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
24 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RF9e7a5.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
25 D:\Program Files (x86)\Steam\steamapps\appmanifest_531640.acf.1716821841.tmp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
26 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VU1A5Z5RPYSDZZUOEMQU.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
27 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RFa6d40.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
28 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8VYG8UQE1TRXVPYLQG3R.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
29 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RFa6f05.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
30 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\XOE3K3ILDE9YZLYHD8O6.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
31 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RFa7500.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
32 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\JRP47V15BHW6NB20I6FC.temp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
33 C:\Users\ERAZER\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d356105fac5527ef.customDestinations-ms~RFa788a.TMP
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
34 D:\Program Files (x86)\Steam\steamapps\appmanifest_531640.acf.2765857106.tmp
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]
35 D:\Program Files (x86)\Steam\userdata\164932124\config\librarycache\1289810.json
Dropped by \Device\HarddiskVolume7\Program Files (x86)\Steam\steam.exe [13600]

Thumbprints
9b6f6a8a5753c8d7247309d6bcc004cc0d391c305d0561dba8d757577aeb2843


Is that legit or a false positive?
Posts 1–2 of 2
ReBoot 20 Nov 2021 at 5:17
False positive, as usual
Sophos products doing stupid things, nothing new.

Posted on: 20 Nov 2021 at 4:40
Posts: 2