HitmanPro.ALERT Support and Discussion Thread

Discussion in 'other anti-malware software' started by erikloman, May 25, 2012.

  1. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I'm running HMP.A 3.7.9 build 759 under Win10 Pro x64 1803. I had been using version 3.1.4 of a utility named "USB Device Tree Viewer" ( https://www.uwe-sieber.de/usbtreeview_e.html ) without issue. Then, I updated to version 3.2.1 of that same utility, and found HMP.A won't let it run (see screenshot). I can't even run version 3.1.4 anymore, when I try reverting to that version. This does not make sense to me and is quite frustrating at the moment.

    Is there a way I can run this utility without disabling a boatload of protection?

    hmpa.png
     
  2. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    Have you tried adding UsbTreeView.exe as an exclusion?

    Open the HMPA user interface,
    in settings, choose Advanced interface,
    click the blue Exploit mitigation tile, and then Applications,
    scroll to the right, and under Exclude, choose Add exclusion, navigate to UsbTreeView.exe, and add it as exclusion.

    Does that help?
     
  3. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    Looks like WinRAR is running protected on profile "other"; every new file introduced by WinRAR will run into lockdown.

    Either disable the Application lockdown protection from WinRAR, or remove WinRAR completely from the protection profile, then reboot the machine.
    Lockdown will only be reset after reboot.
     
  4. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I've tried excluding UsbTreeView.exe, and it makes no difference. It also seems like WinRAR has nothing to do with it; no matter how I run UsbTreeView.exe, something gets terminated:

    hmpa02.png

    Maybe a reboot will resolve this... What a joke if that's the case. Complete joke.

    Edit: Sure enough, after rebooting, I can now run USB Device Tree Viewer. I don't understand why, or what happened, but it worked. Thanks. I don't mean to show my aggravation so much, but this type of thing is exactly what makes me remove software like HMP.A. Security fatigue.
     
    Last edited: Sep 18, 2018
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    There was a mitigation Lockdown. As RonnyT said, Lockdown will only be reset after reboot.
    After excluding UsbTreeView.exe, I hope a system reboot resets the Lockdown.

    I see. Different to what RonnyT suggested, it seems that WinRAR is not the cause.
    Again, I hope that excluding UsbTreeView.exe followed by a system reboot helps.

    Edit:
    Ah, I notice you edited your post.
    Great that a system reboot helped.
    I suppose it is as suggested, excluding UsbTreeView.exe was needed to prevent the issue from happening again, and a system reboot was needed to reset Lockdown.
     
    Last edited: Sep 18, 2018
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    I didn't even add an exclusion of any kind; I simply rebooted. This is why I am completely confused on what happened. INSECURE! [reboot] SECURE!
     
  7. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,857
    Location:
    the Netherlands
    I hope Ronny, Erik, Mark, or someone else can explain.
     
  8. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    The latest issue is that enabling BadUSB makes my machine BSOD immediately. It's getting harder to tell the malware from the anti-malware.
     
  9. RonnyT

    RonnyT QA Engineer

    Joined:
    Aug 9, 2016
    Posts:
    636
    Location:
    Planet Earth
    As I explained before, if application X has "Application lockdown" enabled, it is not allowed to introduce new executables to the machine.
    Imagine MS Word downloading an exe from the internet and trying to start it: we block that via the lockdown feature, and this 'lock' is kept on that file until the machine reboots, to prevent malicious attempts to start it again.
    So no matter which application tries to start it, it won't run, because it's locked down. You are seeing behavior by design.

    So I'm wondering which application introduced that UsbTreeView to your machine, as it must be under protection and have "Application lockdown" enabled.
    Browsers are exempt from this so that cannot cause this behavior.

    Could you please share the C:\Windows\Memory.dmp with us (via DM)?
     
    Last edited: Sep 19, 2018
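The lockdown behaviour described in the post above, modelled as an added Python example (this is not HitmanPro.Alert code, and the paths are constructed). It encodes the three rules stated in the thread: an application running with Application lockdown enabled may not introduce new executables, a file it does introduce is marked locked, and that mark is only cleared by a reboot, whichever process later tries to start the file. Browsers are treated as exempt introducers, as the post says. The exclusion semantics (an excluded image is not locked on re-introduction, but an existing lock still needs a reboot) is an assumption drawn from the advice given in this thread, not a documented rule.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


def norm(path: str) -> str:
    """Case-insensitive key for Windows image paths."""
    return path.replace("/", "\\").lower()


@dataclass
class LockdownModel:
    """State described in the thread: which applications run with Application
    lockdown enabled, which introducers are exempt (browsers), which images the
    user excluded, and which files currently carry a lock mark."""
    lockdown_apps: Set[str] = field(default_factory=set)
    exempt_introducers: Set[str] = field(default_factory=set)
    excluded: Set[str] = field(default_factory=set)
    locks: Dict[str, int] = field(default_factory=dict)  # locked file -> boot session
    boot_session: int = 1

    def introduce(self, introducer: str, new_exe: str) -> bool:
        """A running process writes a new executable to disk.
        Returns True when the file receives the lock mark."""
        introducer, new_exe = norm(introducer), norm(new_exe)
        if introducer in self.exempt_introducers:   # "Browsers are exempt from this"
            return False
        if introducer not in self.lockdown_apps:    # lockdown not enabled for this app
            return False
        if new_exe in self.excluded:                # ASSUMPTION: an exclusion prevents new locks
            return False
        self.locks[new_exe] = self.boot_session
        return True

    def start(self, launcher: str, exe: str) -> Tuple[bool, str]:
        """Any process tries to run exe. Once the file is locked the launcher
        is irrelevant ("no matter which application tries to start it")."""
        session = self.locks.get(norm(exe))
        if session is None:
            return True, "not locked"
        return False, f"locked since boot session {session}; launch by {launcher} blocked"

    def reboot(self) -> None:
        """Lockdown is only reset after a reboot."""
        self.boot_session += 1
        self.locks.clear()


def replay_thread() -> List[Tuple[str, bool]]:
    """Walk through the sequence reported in this thread (constructed paths)."""
    winrar = r"C:\Program Files\WinRAR\WinRAR.exe"
    firefox = r"C:\Program Files\Mozilla Firefox\firefox.exe"
    explorer = r"C:\Windows\explorer.exe"
    tool = r"C:\Tools\UsbTreeView.exe"
    m = LockdownModel(lockdown_apps={norm(winrar)}, exempt_introducers={norm(firefox)})
    steps = [
        ("WinRAR (lockdown on) extracts UsbTreeView.exe -> locked?", m.introduce(winrar, tool)),
        ("Explorer starts it -> allowed?", m.start(explorer, tool)[0]),
    ]
    m.excluded.add(norm(tool))  # user adds the exclusion but does not reboot
    steps.append(("exclusion added, no reboot -> allowed?", m.start(explorer, tool)[0]))
    m.reboot()
    steps.append(("after reboot -> allowed?", m.start(explorer, tool)[0]))
    steps.append(("WinRAR extracts it again, now excluded -> locked?", m.introduce(winrar, tool)))
    steps.append(("Firefox saves a new exe -> locked?", m.introduce(firefox, r"C:\Users\u\Downloads\x.exe")))
    return steps


if __name__ == "__main__":
    for label, result in replay_thread():
        print(f"{label}: {result}")
```

The replay reproduces what nameless saw: adding the exclusion alone changes nothing while the lock from the current boot session is still in place, and a reboot on its own makes the file runnable again; the exclusion only matters the next time the file is introduced.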
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Reimaged so I don't have the report, but had to disable CryptoGuard to install latest Malwarebytes 3.6.1 update.
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Hmm, that's odd. I didn't have to do that.
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Yeah strange, only got an alert on one laptop, on the other the installer just didn't run ...

    But after disabling CryptoGuard on both, both installs worked.
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I had no problems on 3 Win10 machines. Do you have Exploit Protection enabled in MB?
     
  14. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    No, nothing enabled in MB on either instance. I just run them on demand.

    Just to be clear re my previous post: On one machine I tried several times to run the MB install but nothing happened. Then when I ran it on my second machine I got the HMPA CryptoGuard alert, so I thought that may also be a clue to the potential issue on my first machine. After disabling HMPA CryptoGuard on both I was OK.

    But clearly it's not a universal issue.
     
  15. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    That is odd. Just upgraded Malwarebytes (free edition) from v3.51 to v3.61 from within the app using "Install Application Updates", and had no conflicts with the installer from HMPA 3.7.9-b759. CryptoGuard is fully enabled here.

    Just fyi, MBAM also updated into full "Premium Trial" mode with real-time protection activated, and no conflicts there either. Have de-activated the trial, so back to free on-demand scanner. All normal here.
     
  16. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Also used in-app updater. As I said, clearly not a universal issue - but rather something unique to my setup(s).
     
  17. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    G'day Paul,

    Did you ever get this sorted?
     
  18. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    Hi @Krusty, yes, MB v3.6.1 installed fine after temporarily disabling CryptoGuard. Maybe it was just transient problems, on both machines.
     
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Weird, yeah?!

    ... Don't know.
     
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,644
    Location:
    Under a bushel ...
    That said, oddly also just got this one, just browsing here on Wilders, shortly after updating to Firefox 62.0.2.
    Code:
    Mitigation   ROP
    
    Platform     10.0.17134/x64 v759 06_45
    PID          45764
    Feature      000712341FBFB1B6
    Application  C:\Program Files\Mozilla Firefox\firefox.exe
    Description  Firefox 62.0.2
    
    Callee Type  ProtectVirtualMemory
                 0x0000018DDD7B0000 (4096 bytes)
    
    Branch Trace                              Opcode  To                                     
    ---------------------------------------- -------- ----------------------------------------
    0x00007FFC27730640 xul.dll                   RET  0x00007FFC277763F7 xul.dll             
    
    0x00007FFC27A84562 xul.dll                   RET  0x00007FFC277763CA xul.dll             
    
    0x00007FFC27A84415 xul.dll                   RET  0x00007FFC277763A8 xul.dll             
    
    0x00007FFC27AABB65 xul.dll                 ~ RET  0x00007FFC27776365 xul.dll             
    
    0x00007FFC27AABC8C xul.dll                 ~ RET  0x00007FFC277E6C74 xul.dll             
    
    0x00007FFC27759A91 xul.dll                   RET  0x00007FFC277E5E10 xul.dll             
    
    0x00007FFC27759A91 xul.dll                   RET  0x00007FFC277E68D2 xul.dll             
    
    PostMessageW +0x6a                         ~ RET  0x00007FFC278A423A xul.dll             
    0x00007FFC79A3765A user32.dll                                                             
    
    NtUserPostMessage +0x14                    ~ RET* 0x00007FFC27AABBC0 xul.dll             
    0x00007FFC77CE1264 win32u.dll                                                             
                        488948f0                 MOV          [RAX-0x10], RCX
                        0f8542fd6700             JNZ          0x7ffc2812b90c
                        8b8200030000             MOV          EAX, [RDX+0x300]
                        488bcf                   MOV          RCX, RDI
                        488b33                   MOV          RSI, [RBX]
                        488bd6                   MOV          RDX, RSI
                        894314                   MOV          [RBX+0x14], EAX
                        e82f010000               CALL         0x7ffc27aabd10
                        4533c9                   XOR          R9D, R9D
                        4c398fa8010000           CMP          [RDI+0x1a8], R9
                        7640                     JBE          0x7ffc27aabc2d
                        4533d2                   XOR          R10D, R10D
                        33d2                     XOR          EDX, EDX
                        488bafa0010000           MOV          RBP, [RDI+0x1a0]
                        4c63042a                 MOVSXD       R8, DWORD [RDX+RBP]
                                             (5F8CD63B74E5829C)
    
    
    SwitchToThread +0x3b                       ~ RET  0x00007FFC28074C41 xul.dll             
    0x00007FFC77AB2F3B KernelBase.dll                                                         
    
    NtYieldExecution +0x14                     ~ RET  SwitchToThread +0x1d                   
    0x00007FFC7B65A7B4 ntdll.dll                      0x00007FFC77AB2F1D KernelBase.dll       
    
    Stack Trace
    #  Address          Module                   Location
    -- ---------------- ------------------------ ----------------------------------------
    1  00007FFC77ABC245 KernelBase.dll           VirtualProtect +0x35
    
    2  00007FFC27D404B9 xul.dll                 
                        85c0                     TEST         EAX, EAX
                        7447                     JZ           0x7ffc27d40504
                        488b0dbcaafb02           MOV          RCX, [RIP+0x2fbaabc]
                        483bd9                   CMP          RBX, RCX
                        0f82b41b4b00             JB           0x7ffc281f2081
                        4881c100000040           ADD          RCX, 0x40000000
                        483bf9                   CMP          RDI, RCX
                        0f87a41b4b00             JA           0x7ffc281f2081
                        b001                     MOV          AL, 0x1
                        488b5c2438               MOV          RBX, [RSP+0x38]
                        4883c420                 ADD          RSP, 0x20
                        5f                       POP          RDI
                        c3                       RET         
    
    3  00007FFC27AAEDB0 xul.dll                 
    4  00007FFC2777641D xul.dll                 
    5  00007FFC27D65848 xul.dll                 
    6  00007FFC27D65805 xul.dll                 
    7  00007FFC27860E7C xul.dll                 
    8  00007FFC2776BD69 xul.dll                 
    9  0000018DDD2D7424 (anonymous; xul.dll)   
    10 000000E4A09F6F68 (anonymous)             
    
    Loaded Modules
    -----------------------------------------------------------------------------
    00007FF74CA50000-00007FF74CACB000 firefox.exe (Mozilla Corporation),
                                      version: 62.0.2
    00007FFC7B5C0000-00007FFC7B7A1000 ntdll.dll (Microsoft Corporation),
                                      version: 10.0.17134.254 (WinBuild.160101.0800)
    00007FFC7B280000-00007FFC7B332000 KERNEL32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC775A0000-00007FFC776E0000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.7.9.759
    00007FFC77A60000-00007FFC77CD3000 KERNELBASE.dll (Microsoft Corporation),
                                      version: 10.0.17134.165 (WinBuild.160101.0800)
    00007FFC79C60000-00007FFC79D01000 ADVAPI32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC7B340000-00007FFC7B3DE000 msvcrt.dll (Microsoft Corporation),
                                      version: 7.0.17134.1 (WinBuild.160101.0800)
    00007FFC79C00000-00007FFC79C5B000 sechost.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC7B460000-00007FFC7B584000 RPCRT4.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC78950000-00007FFC78A4A000 ucrtbase.dll (Microsoft Corporation),
                                      version: 10.0.17134.254 (WinBuild.160101.0800)
    00007FFC46A90000-00007FFC46AC5000 mozglue.dll (Mozilla Foundation),
                                      version: 62.0.2
    00007FFC3FB70000-00007FFC3FC17000 MSVCP140.dll (Microsoft Corporation),
                                      version: 14.13.26020.0 built by: VCTOOLSREL
    00007FFC46AF0000-00007FFC46B06000 VCRUNTIME140.dll (Microsoft Corporation),
                                      version: 14.13.26020.0 built by: VCTOOLSREL
    00007FFC75B40000-00007FFC75D09000 dbghelp.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC6CEA0000-00007FFC6CEAA000 VERSION.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC771E0000-00007FFC771EB000 CRYPTBASE.DLL (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC779E0000-00007FFC77A5A000 bcryptPrimitives.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC44A10000-00007FFC44A9D000 a2hooks64.dll (Emsisoft Ltd),
                                      version: 2018.04.0.1028
    00007FFC79A30000-00007FFC79BC0000 USER32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC77CE0000-00007FFC77D00000 win32u.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC79DE0000-00007FFC79E08000 GDI32.dll (Microsoft Corporation),
                                      version: 10.0.17134.285 (WinBuild.160101.0800)
    00007FFC77D00000-00007FFC77E92000 gdi32full.dll (Microsoft Corporation),
                                      version: 10.0.17134.285 (WinBuild.160101.0800)
    00007FFC77F00000-00007FFC77F9F000 msvcp_win.dll (Microsoft Corporation),
                                      version: 10.0.17134.137 (WinBuild.160101.0800)
    00007FFC79E20000-00007FFC7B260000 SHELL32.dll (Microsoft Corporation),
                                      version: 10.0.17134.228 (WinBuild.160101.0800)
    00007FFC77990000-00007FFC779D9000 cfgmgr32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC78E80000-00007FFC78F29000 shcore.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC78AF0000-00007FFC78E13000 combase.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC77FA0000-00007FFC786AD000 windows.storage.dll (Microsoft Corporation),
                                      version: 10.0.17134.285 (WinBuild.160101.0800)
    00007FFC78E20000-00007FFC78E71000 shlwapi.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC778E0000-00007FFC778F1000 kernel.appcore.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC77900000-00007FFC7791F000 profapi.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC77940000-00007FFC7798C000 powrprof.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC778D0000-00007FFC778DA000 FLTLIB.DLL (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC79BC0000-00007FFC79BED000 IMM32.DLL (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC76880000-00007FFC768B1000 ntmarta.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC777D0000-00007FFC777F8000 USERENV.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC77800000-00007FFC77830000 SspiCli.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    0000028DF5F30000-0000028DF5F34000 api-ms-win-crt-runtime-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5F40000-0000028DF5F44000 api-ms-win-crt-string-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5F50000-0000028DF5F53000 api-ms-win-crt-heap-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5F60000-0000028DF5F64000 api-ms-win-crt-stdio-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5F70000-0000028DF5F74000 api-ms-win-crt-convert-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5F80000-0000028DF5F83000 api-ms-win-crt-locale-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5F90000-0000028DF5F95000 api-ms-win-crt-math-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5FA0000-0000028DF5FA5000 api-ms-win-crt-multibyte-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5FB0000-0000028DF5FB3000 api-ms-win-crt-time-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5FC0000-0000028DF5FC3000 api-ms-win-crt-filesystem-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5FD0000-0000028DF5FD3000 api-ms-win-crt-environment-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    0000028DF5FE0000-0000028DF5FE3000 api-ms-win-crt-utility-l1-1-0.dll (Microsoft Corporation),
                                      version: 10.0.15063.674 (WinBuild.160101.0800)
    00007FFC3F280000-00007FFC3F404000 nss3.dll (Mozilla Foundation),
                                      version: 62.0.2
    0000028DF5FF0000-0000028DF605C000 WS2_32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC740D0000-00007FFC740F3000 WINMM.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC5F9B0000-00007FFC5F9B9000 WSOCK32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC740A0000-00007FFC740CA000 WINMMBASE.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC3E570000-00007FFC3E621000 lgpllibs.dll (Mozilla Foundation),
                                      version: 62.0.2
    00007FFC270D0000-00007FFC2BB19000 xul.dll (Mozilla Foundation),
                                      version: 62.0.2
    00007FFC792A0000-00007FFC793F1000 ole32.dll (Microsoft Corporation),
                                      version: 10.0.17134.137 (WinBuild.160101.0800)
    00007FFC78760000-00007FFC78942000 CRYPT32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC77920000-00007FFC77932000 MSASN1.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC79460000-00007FFC798AB000 SETUPAPI.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    0000028DF6300000-0000028DF6357000 WINTRUST.dll (Microsoft Corporation),
                                      version: 10.0.17134.81 (WinBuild.160101.0800)
    00007FFC791C0000-00007FFC79282000 OLEAUT32.dll (Microsoft Corporation),
                                      version: 10.0.17134.48 (WinBuild.160101.0800)
    00007FFC72E50000-00007FFC72E5A000 AVRT.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC4A110000-00007FFC4A129000 USP10.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC76D90000-00007FFC76DC8000 IPHLPAPI.DLL (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC75F00000-00007FFC75F29000 dwmapi.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC759E0000-00007FFC75A78000 UxTheme.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC73DE0000-00007FFC73DF3000 WTSAPI32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC58F10000-00007FFC58F26000 napinsp.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC57880000-00007FFC5789A000 pnrpnsp.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC73DC0000-00007FFC73DD9000 NLAapi.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC77010000-00007FFC77076000 mswsock.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC76DE0000-00007FFC76E9E000 DNSAPI.dll (Microsoft Corporation),
                                      version: 10.0.17134.165 (WinBuild.160101.0800)
    00007FFC79BF0000-00007FFC79BF8000 NSI.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC59560000-00007FFC5956E000 winrnr.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC6EA10000-00007FFC6EA25000 wshbth.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC776E0000-00007FFC77707000 DEVOBJ.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC745F0000-00007FFC748FB000 d3d11.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC76550000-00007FFC7660B000 dxgi.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC71840000-00007FFC7270B000 igd10iumd64.dll (Intel Corporation),
                                      version: 20.19.15.4531
    00007FFC772F0000-00007FFC77315000 bcrypt.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC772C0000-00007FFC772E6000 ncrypt.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC77280000-00007FFC772B6000 NTASN1.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC70590000-00007FFC70FD0000 igdusc64.dll (Intel Corporation),
                                      version: 20.19.15.4531
    00007FFC74900000-00007FFC74EC7000 d2d1.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC70440000-00007FFC70479000 XmlLite.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC6C720000-00007FFC6CA3C000 dwrite.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC69A00000-00007FFC69AA8000 mscms.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC74100000-00007FFC74110000 ColorAdapterClient.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC429E0000-00007FFC42A23000 icm32.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC78A50000-00007FFC78AF0000 clbcatq.dll (Microsoft Corporation),
                                      version: 2001.12.10941.16384 (WinBuild.160101.080
    00007FFC680A0000-00007FFC68116000 MMDevApi.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC757A0000-00007FFC75954000 PROPSYS.dll (Microsoft Corporation),
                                      version: 7.0.17134.112 (WinBuild.160101.0800)
    00007FFC57C40000-00007FFC57D6C000 AUDIOSES.DLL (Microsoft Corporation),
                                      version: 10.0.17134.137 (WinBuild.160101.0800)
    00007FFC73720000-00007FFC7386D000 wintypes.dll (Microsoft Corporation),
                                      version: 10.0.17134.112 (WinBuild.160101.0800)
    00007FFC6C450000-00007FFC6C564000 Windows.UI.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC6C3B0000-00007FFC6C447000 TextInputFramework.dll (Microsoft Corporation),
                                      version: 10.0.17134.191 (WinBuild.160101.0800)
    00007FFC6C330000-00007FFC6C3A9000 InputHost.dll (),
                                      version:
    00007FFC729E0000-00007FFC72CFE000 CoreUIComponents.dll (Microsoft Corporation),
                                      version: 10.0.17134.112
    00007FFC75070000-00007FFC7514A000 CoreMessaging.dll (Microsoft Corporation),
                                      version: 10.0.17134.286
    00007FFC3E170000-00007FFC3E1B1000 mozavutil.dll (Mozilla Foundation),
                                      version: 62.0.2
    00007FFC3CBA0000-00007FFC3CD29000 mozavcodec.dll (Mozilla Foundation),
                                      version: 62.0.2
    00007FFC48120000-00007FFC482FB000 mfplat.dll (Microsoft Corporation),
                                      version: 10.0.17134.191 (WinBuild.160101.0800)
    00007FFC480F0000-00007FFC4811E000 RTWorkQ.DLL (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC3E1C0000-00007FFC3E23B000 mf.dll (Microsoft Corporation),
                                      version: 10.0.17134.137 (WinBuild.160101.0800)
    00007FFC428E0000-00007FFC42902000 dxva2.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC3D4A0000-00007FFC3D55A000 evr.dll (Microsoft Corporation),
                                      version: 10.0.17134.137 (WinBuild.160101.0800)
    00007FFC3C4C0000-00007FFC3C717000 msmpeg2vdec.dll (Microsoft Corporation),
                                      version: 10.0.17134.191 (WinBuild.160101.0800)
    00007FFC6DF20000-00007FFC6E04B000 mfperfhelper.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC771C0000-00007FFC771D7000 cryptsp.dll (Microsoft Corporation),
                                      version: 10.0.17134.1 (WinBuild.160101.0800)
    00007FFC3F090000-00007FFC3F0C1000 softokn3.dll (Mozilla Foundation),
                                      version: 62.0.2
    00007FFC3DE60000-00007FFC3DED5000 freebl3.dll (Mozilla Foundation),
                                      version: 62.0.2
    00007FFC70100000-00007FFC70128000 Cabinet.dll (Microsoft Corporation),
                                      version: 5.00 (WinBuild.160101.0800)
    
    Code Injection
    0000028DF3C20000-0000028DF3C21000    4KB C:\Program Files\Mozilla Firefox\firefox.exe [46928]
    00007FFC7B65A000-00007FFC7B65B000    4KB
    00007FFC7B65C000-00007FFC7B65D000    4KB
    1  C:\Program Files\Mozilla Firefox\firefox.exe [46928]
    2  C:\Program Files\Mozilla Firefox\firefox.exe [44088]
    3  C:\Windows\explorer.exe [10904]
    4  C:\Windows\System32\userinit.exe [10424]
    
    Process Trace
    1  C:\Program Files\Mozilla Firefox\firefox.exe [45764]
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="46928.3.473811551\213798364" -childID 1 -isForBrowser -prefsHandle 3132 -prefsLen 31646 -schedulerPrefs 0001,2 -parentBuildID 20180920131237 -greomni "C:\Program Files\Mozilla Firefox\o
    2  C:\Program Files\Mozilla Firefox\firefox.exe [46928]
    3  C:\Program Files\Mozilla Firefox\firefox.exe [44088]
    4  C:\Windows\explorer.exe [10904]
    5  C:\Windows\System32\userinit.exe [10424]
    
    Thumbprint
    ae442bb50bb7665e3d5ae3e77c8710016f972baafbfb1662c2121cb289a0a57d
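A parser for the alert report format shown above, added here as an example (it is not HitmanPro.Alert code and the report layout is inferred from the posted text). The sample embedded in the block is a constructed, trimmed copy of the report above that keeps one or two lines of each section. The triage step pulls out what a responder reads first: the intercepted API, the top stack frame, frames that resolve to no module (JIT or injected code, shown as "(anonymous)"), and loaded modules whose vendor is neither the OS nor the application itself. The loaded-module list above includes hmpalert.dll (SurfRight) and a2hooks64.dll (Emsisoft); a second product's hooking DLL inside the same process is worth noting when triaging a ROP alert, without assuming it is the cause.

```python
import re
from textwrap import dedent
from typing import Dict, List

# Constructed sample: a trimmed copy of the report posted above.
SAMPLE_REPORT = dedent(r"""
    Mitigation   ROP

    Platform     10.0.17134/x64 v759 06_45
    PID          45764
    Application  C:\Program Files\Mozilla Firefox\firefox.exe
    Description  Firefox 62.0.2

    Callee Type  ProtectVirtualMemory
                 0x0000018DDD7B0000 (4096 bytes)

    Stack Trace
    #  Address          Module                   Location
    -- ---------------- ------------------------ ----------------------------------------
    1  00007FFC77ABC245 KernelBase.dll           VirtualProtect +0x35

    2  00007FFC27D404B9 xul.dll
                        85c0                     TEST         EAX, EAX
                        c3                       RET

    9  0000018DDD2D7424 (anonymous; xul.dll)
    10 000000E4A09F6F68 (anonymous)

    Loaded Modules
    -----------------------------------------------------------------------------
    00007FFC775A0000-00007FFC776E0000 hmpalert.dll (SurfRight B.V.),
                                      version: 3.7.9.759
    00007FFC44A10000-00007FFC44A9D000 a2hooks64.dll (Emsisoft Ltd),
                                      version: 2018.04.0.1028
    00007FFC6C330000-00007FFC6C3A9000 InputHost.dll (),
                                      version:
    00007FFC270D0000-00007FFC2BB19000 xul.dll (Mozilla Foundation),
                                      version: 62.0.2

    Process Trace
    1  C:\Program Files\Mozilla Firefox\firefox.exe [45764]
    2  C:\Program Files\Mozilla Firefox\firefox.exe [46928]

    Thumbprint
    ae442bb50bb7665e3d5ae3e77c8710016f972baafbfb1662c2121cb289a0a57d
""")

SECTIONS = ("Branch Trace", "Stack Trace", "Loaded Modules", "Code Injection",
            "Process Trace", "Thumbprint")
HEADER_RE = re.compile(r"^(Mitigation|Platform|PID|Feature|Application|Description|Callee Type)\s{2,}(.+?)\s*$")
STACK_RE = re.compile(r"^(\d+)\s+([0-9A-F]{16})\s+(\(anonymous(?:;[^)]*)?\)|\S+)\s*(.*?)\s*$")
MODULE_RE = re.compile(r"^([0-9A-F]{16})-([0-9A-F]{16})\s+(\S+)\s+\((.*)\),\s*$")
VERSION_RE = re.compile(r"^\s*version:\s*(.*?)\s*$")
PROC_RE = re.compile(r"^(\d+)\s+(.+?)\s+\[(\d+)\]\s*$")
TRUSTED_VENDORS = {"Microsoft Corporation", "Mozilla Corporation", "Mozilla Foundation"}


def parse_report(text: str) -> Dict[str, object]:
    """Split the report into header fields, stack frames, loaded modules,
    process trace and thumbprint. Disassembly lines under a frame and the
    column rulers never match the frame/module patterns and are skipped."""
    header: Dict[str, str] = {}
    stack: List[Dict[str, str]] = []
    modules: List[Dict[str, str]] = []
    procs: List[Dict[str, str]] = []
    thumbprint, section = "", "header"
    for line in text.splitlines():
        line = line.rstrip()
        stripped = line.strip()
        if not stripped:
            continue
        hit = [s for s in SECTIONS if stripped.startswith(s)]
        if hit:
            section = hit[0]
            continue
        if section == "header" and (m := HEADER_RE.match(line)):
            header[m.group(1)] = m.group(2)
        elif section == "Stack Trace" and (m := STACK_RE.match(line)):
            stack.append({"frame": m.group(1), "address": m.group(2),
                          "module": m.group(3), "location": m.group(4)})
        elif section == "Loaded Modules":
            if m := MODULE_RE.match(line):
                modules.append({"range": f"{m.group(1)}-{m.group(2)}", "name": m.group(3),
                                "vendor": m.group(4), "version": ""})
            elif (m := VERSION_RE.match(line)) and modules:
                modules[-1]["version"] = m.group(1)  # version sits on the following line
        elif section == "Process Trace" and (m := PROC_RE.match(line)):
            procs.append({"image": m.group(2), "pid": m.group(3)})
        elif section == "Thumbprint":
            thumbprint = stripped
    return {"header": header, "stack": stack, "modules": modules,
            "processes": procs, "thumbprint": thumbprint}


def triage(text: str) -> Dict[str, object]:
    """First-look summary: intercepted API, top frame, unresolved frames and
    modules from vendors other than the OS or the protected application."""
    r = parse_report(text)
    top = r["stack"][0] if r["stack"] else {"module": "", "location": ""}
    return {
        "mitigation": r["header"].get("Mitigation", ""),
        "application": r["header"].get("Application", ""),
        "callee": r["header"].get("Callee Type", ""),
        "top_frame": (top["module"] + " " + top["location"]).strip(),
        "anonymous_frames": [f["address"] for f in r["stack"] if f["module"].startswith("(anonymous")],
        "third_party_modules": [m["name"] for m in r["modules"] if m["vendor"] not in TRUSTED_VENDORS],
        "thumbprint": r["thumbprint"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Paste a full report into `SAMPLE_REPORT` (or read it from a file) to get the same summary; the thumbprint is what to quote when asking the vendor whether the alert is a known false positive for that application version.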
    
     
  21. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
  22. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    If your browser is protected by HMPA's 'Safe Browsing' function, is it really necessary to have 'Keystroke Encryption' enabled as well for online activity -- or would the 'Safe Browsing' mode automatically detect anything strange that might be going on -- especially with regard to intercepting keystrokes?
     
  23. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    I'm thinking that you will need both. A keylogger could be running locally on your machine.
     
  24. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,131
    Location:
    USA
    I agree with that -- except that my firewall would detect a keylogger -- so I'm covered there.
     
  25. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    965
    Location:
    USA
    Not sure about that one. A keylogger can run as a local process. Then depending on how it is designed, it may not be obvious to your firewall when it attempts to exfiltrate your info, if it uses a trusted process to do so.
     