Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 3, 2024, 9:32 a.m.	July 3, 2024, 9:35 a.m.

Size	20.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`19e7819eb886414b6bcab23db00541ec`
SHA256	`f42cfe4545c5c62bb19eabd37757c16d3fb69106d0ee25105319d5b15a51d9d2`
CRC32	`0899791F`
ssdeep	`393216:yRkA1LR74UgmMnRGfjXZYiJwBAOpVFwWJIXMGvmaWQg9m/QOtYzc:BA594xIbhmBAObCWeXMrNm/QOtYg`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check

outbyte-driver-updater.exe "C:\Users\test22\AppData\Local\Temp\outbyte-driver-updater.exe"
3060
- Installer.exe "C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\Installer.exe" /spid:3060 /splha:8005536
  1188
  - ServiceHelper.Agent.exe "C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe" /install /silent
    2116
  - DriverUpdater.exe "C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe" /Install /AutoStart /CreateOSSnapshot
    2904
  - sc.exe sc start OutbyteDUHelper
    3156
  - DriverUpdater.exe "C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe" /AutoScan /FromInstaller
    3280
explorer.exe C:\Windows\Explorer.EXE
1236

Name	Response	Post-Analysis Lookup
www.google-analytics.com	A 142.250.207.78	142.250.206.206
outbyte.com	A 45.33.97.245	45.33.97.245
ssl.outbyte.com	A 45.33.97.245	45.33.97.245
api.outbyte.com	A 192.155.86.205	192.155.86.205
du.outbyte.com	A 51.81.185.149	51.81.185.149

IP Address	Status	Action
142.250.207.78	Active	Moloch
164.124.101.2	Active	Moloch
192.155.86.205	Active	Moloch
45.33.97.245	Active	Moloch
51.81.185.149	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49164 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49167 -> 142.250.207.78:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49165 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49166 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49226 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49237 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49248 -> 192.155.86.205:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.155.86.205:443 -> 192.168.56.102:49249	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49163 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49192 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49227 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49260 -> 51.81.185.149:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 51.81.185.149:443 -> 192.168.56.102:49261	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49257 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49258 -> 51.81.185.149:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49240 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49254 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49253 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49278 -> 51.81.185.149:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 51.81.185.149:443 -> 192.168.56.102:49280	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49279 -> 51.81.185.149:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49282 -> 45.33.97.245:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49228 -> 51.81.185.149:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49232 -> 51.81.185.149:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49233 -> 142.250.207.78:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 51.81.185.149:443 -> 192.168.56.102:49234	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49247 -> 192.155.86.205:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49164 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49167 142.250.207.78:443	C=US, O=Google Trust Services, CN=WR2	CN=*.google-analytics.com	ba:5d:a9:7f:41:46:b0:37:01:9e:05:b0:92:ba:41:c9:31:5b:4b:4a
TLSv1 192.168.56.102:49165 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49166 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49226 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49237 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49192 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49227 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49257 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49163 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49240 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49254 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49253 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49282 45.33.97.245:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	CN=*.outbyte.com	d0:6e:29:18:9d:1c:99:37:a3:15:37:81:63:0c:69:08:8a:6c:31:4f
TLSv1 192.168.56.102:49233 142.250.207.78:443	C=US, O=Google Trust Services, CN=WR2	CN=*.google-analytics.com	ba:5d:a9:7f:41:46:b0:37:01:9e:05:b0:92:ba:41:c9:31:5b:4b:4a

Queries for the computername (49 events)

Time & API	Arguments	Status	Return
GetComputerNameW July 3, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 3, 2024, 9:34 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (50 out of 66 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 3, 2024, 9:30 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:30 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:30 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:30 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:30 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:30 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:30 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:30 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:31 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:33 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0
IsDebuggerPresent July 3, 2024, 9:34 a.m.			0	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW July 3, 2024, 9:34 a.m.	buffer: SERVICE_NAME: OutbyteDUHelper TYPE : 10 WIN32_OWN_PROCESS STATE : 2 START_PENDING (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x7d0 PID : 3216 FLAGS : console_handle: 0x00000007	1	1	0

At least one process apparently crashed during execution (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrLoadDll July 3, 2024, 9:30 a.m.	module_name: FaultRep.dll basename: FaultRep stack_pivoted: 0 flags: 0 module_address: 0x73a90000	1	0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (2 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 3, 2024, 9:30 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.itext
section	.didata

One or more processes crashed (35 events)

Time & API	Arguments	Status
__exception__ July 3, 2024, 9:31 a.m.	stacktrace: TMethodImplementationIntercept+0x212ccd SHFreeMem-0x4c3 setuphelper+0x277e49 @ 0x7d27e49 TMethodImplementationIntercept+0x212ccd SHFreeMem-0x4c3 setuphelper+0x277e49 @ 0x7d27e49 TMethodImplementationIntercept+0x212eb8 SHFreeMem-0x2d8 setuphelper+0x278034 @ 0x7d28034 SHGetParameter+0x2ff SHPerformOperation-0x105 setuphelper+0x278a1f @ 0x7d28a1f madTraceProcess+0x41492 dbkFCallWrapperAddr-0x4ebae installer+0xb045e @ 0x4b045e madTraceProcess+0x4152d dbkFCallWrapperAddr-0x4eb13 installer+0xb04f9 @ 0x4b04f9 madTraceProcess+0x411cf dbkFCallWrapperAddr-0x4ee71 installer+0xb019b @ 0x4b019b madTraceProcess+0x74b7d dbkFCallWrapperAddr-0x1b4c3 installer+0xe3b49 @ 0x4e3b49 @Vcl@Forms@TCustomForm@DoCreate$qqrv+0x37 @Vcl@Forms@TCustomForm@DoDestroy$qqrv-0x45 vcl250+0x176a9f @ 0x50bf6a9f @Axvcl@Controls@Axform@TAxForm@DoCreate$qqrv+0x23 @Axvcl@Controls@Axform@TAxForm@CreateWnd$qqrv-0x109 axcomponentsvcl+0x147d23 @ 0x50147d23 @Vcl@Forms@TCustomForm@AfterConstruction$qqrv+0x17 @Vcl@Forms@TCustomForm@InitializeNewForm$qqrv-0x21 vcl250+0x1766bb @ 0x50bf66bb @Axvcl@Controls@Axform@TAxForm@$bctr$qqrp25System@Classes@TComponent+0x79 @Axvcl@Controls@Axform@TAxForm@$bctr$qqrp25System@Classes@TComponenti-0x13 axcomponentsvcl+0x1478f5 @ 0x501478f5 madTraceProcess+0x7333a dbkFCallWrapperAddr-0x1cd06 installer+0xe2306 @ 0x4e2306 madTraceProcess+0x77ec7 dbkFCallWrapperAddr-0x18179 installer+0xe6e93 @ 0x4e6e93 @System@Classes@TBasicAction@Execute$qqrv+0x12 @System@Classes@TBasicAction@Update$qqrv-0xa rtl250+0x11dae2 @ 0xbddae2 @Vcl@Controls@TControl@WMLButtonUp$qqrr24Winapi@Messages@TWMMouse+0x7c @Vcl@Controls@TControl@WMRButtonUp$qqrr24Winapi@Messages@TWMMouse-0x14 vcl250+0x35638 @ 0x50ab5638 @Vcl@Controls@TControl@WndProc$qqrr24Winapi@Messages@TMessage+0x2c1 @Vcl@Controls@TControl@DefaultHandler$qqrpv-0xf vcl250+0x34c0d @ 0x50ab4c0d @Vcl@Controls@TWinControl@WndProc$qqrr24Winapi@Messages@TMessage+0x5ee @Vcl@Controls@TWinControl@DefaultHandler$qqrpv-0x26 vcl250+0x39782 @ 0x50ab9782 @Axvcl@Controls@Axaccessibleproxy@TAxCustomControlAccessible@WndProc$qqrr24Winapi@Messages@TMessage+0x15f @Axvcl@Controls@Axaccessibleproxy@TAxCustomControlAccessible@CreateWindowHandle$qqrrx26Vcl@Controls@TCreateParams-0x59 axcomponentsvcl+0xc7d8f @ 0x500c7d8f @Axvcl@Controls@Axcustomcontrol@TAxCustomControl@WndProc$qqrr24Winapi@Messages@TMessage+0x55 @Axvcl@Controls@Axcustomcontrol@TAxCustomControl@WMUpdateUiState$qqrr26Winapi@Messages@TWMUIState-0x7 axcomponentsvcl+0xc99ed @ 0x500c99ed @Axvcl@Controls@Axbuttoncontrol@TAxButtonControl@WndProc$qqrr24Winapi@Messages@TMessage+0xae @Axvcl@Controls@Axbuttoncontrol@TAxButtonControl@SetWordWrap$qqro-0x6 axcomponentsvcl+0xcbc16 @ 0x500cbc16 @Vcl@Controls@TWinControl@MainWndProc$qqrr24Winapi@Messages@TMessage+0x2f @Vcl@Controls@TWinControl@ControlAtPos$qqrrx19System@Types@TPointooo-0x115 vcl250+0x38d9f @ 0x50ab8d9f @System@Classes@TDataModule@WriteHeight$qqrp22System@Classes@TWriter+0x22 @System@Classes@MakeObjectInstance$qqrxynpqqrr24Winapi@Messages@TMessage$v-0x12 rtl250+0x11e846 @ 0xbde846 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75736d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x757377c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7573788a @Vcl@Forms@TApplication@ProcessMessage$qqrr6tagMSG+0xf8 @Vcl@Forms@TApplication@ProcessMessages$qqrv-0x1c vcl250+0x181968 @ 0x50c01968 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1636524 registers.edi: 1636828 registers.eax: 1636524 registers.ebp: 1636604 registers.edx: 0 registers.ebx: 1636832 registers.esi: 0 registers.ecx: 7	1
__exception__ July 3, 2024, 9:31 a.m.	stacktrace: TMethodImplementationIntercept+0x212ccd SHFreeMem-0x4c3 setuphelper+0x277e49 @ 0x7d27e49 TMethodImplementationIntercept+0x212ccd SHFreeMem-0x4c3 setuphelper+0x277e49 @ 0x7d27e49 TMethodImplementationIntercept+0x212eb8 SHFreeMem-0x2d8 setuphelper+0x278034 @ 0x7d28034 SHGetParameter+0x2ff SHPerformOperation-0x105 setuphelper+0x278a1f @ 0x7d28a1f madTraceProcess+0x41492 dbkFCallWrapperAddr-0x4ebae installer+0xb045e @ 0x4b045e madTraceProcess+0x4152d dbkFCallWrapperAddr-0x4eb13 installer+0xb04f9 @ 0x4b04f9 madTraceProcess+0x411cf dbkFCallWrapperAddr-0x4ee71 installer+0xb019b @ 0x4b019b madTraceProcess+0x791cd dbkFCallWrapperAddr-0x16e73 installer+0xe8199 @ 0x4e8199 madTraceProcess+0x79100 dbkFCallWrapperAddr-0x16f40 installer+0xe80cc @ 0x4e80cc @Axvcl@Controls@Axpagehost@TAxCustomPageClient@DoEventEnter$qqrv+0x1e @Axvcl@Controls@Axpagehost@TAxCustomPageClient@DoEventLeave$qqrv-0x6 axcomponentsvcl+0x1ee3e6 @ 0x501ee3e6 @Axvcl@Controls@Axpagehost@TAxCustomPageHost@ShowPage$qqrv+0x4c @Axvcl@Controls@Axpagehost@TAxCustomPageHost@SetPage$qqrp45Axvcl@Controls@Axpagehost@TAxCustomPageClient-0x4 axcomponentsvcl+0x1edb58 @ 0x501edb58 @Axvcl@Controls@Axpagehost@TAxCustomPageHost@SetPage$qqrp45Axvcl@Controls@Axpagehost@TAxCustomPageClient+0x9c @Axvcl@Controls@Axpagehost@TAxCustomPageHost@SetName$qqrx20System@UnicodeString-0xa4 axcomponentsvcl+0x1edbf8 @ 0x501edbf8 madTraceProcess+0x73358 dbkFCallWrapperAddr-0x1cce8 installer+0xe2324 @ 0x4e2324 madTraceProcess+0x7872a dbkFCallWrapperAddr-0x17916 installer+0xe76f6 @ 0x4e76f6 @System@Classes@TBasicAction@Execute$qqrv+0x12 @System@Classes@TBasicAction@Update$qqrv-0xa rtl250+0x11dae2 @ 0xbddae2 @Vcl@Controls@TControl@WMLButtonUp$qqrr24Winapi@Messages@TWMMouse+0x7c @Vcl@Controls@TControl@WMRButtonUp$qqrr24Winapi@Messages@TWMMouse-0x14 vcl250+0x35638 @ 0x50ab5638 @Vcl@Controls@TControl@WndProc$qqrr24Winapi@Messages@TMessage+0x2c1 @Vcl@Controls@TControl@DefaultHandler$qqrpv-0xf vcl250+0x34c0d @ 0x50ab4c0d @Vcl@Controls@TWinControl@WndProc$qqrr24Winapi@Messages@TMessage+0x5ee @Vcl@Controls@TWinControl@DefaultHandler$qqrpv-0x26 vcl250+0x39782 @ 0x50ab9782 @Axvcl@Controls@Axaccessibleproxy@TAxCustomControlAccessible@WndProc$qqrr24Winapi@Messages@TMessage+0x15f @Axvcl@Controls@Axaccessibleproxy@TAxCustomControlAccessible@CreateWindowHandle$qqrrx26Vcl@Controls@TCreateParams-0x59 axcomponentsvcl+0xc7d8f @ 0x500c7d8f @Axvcl@Controls@Axcustomcontrol@TAxCustomControl@WndProc$qqrr24Winapi@Messages@TMessage+0x55 @Axvcl@Controls@Axcustomcontrol@TAxCustomControl@WMUpdateUiState$qqrr26Winapi@Messages@TWMUIState-0x7 axcomponentsvcl+0xc99ed @ 0x500c99ed @Axvcl@Controls@Axbuttoncontrol@TAxButtonControl@WndProc$qqrr24Winapi@Messages@TMessage+0xae @Axvcl@Controls@Axbuttoncontrol@TAxButtonControl@SetWordWrap$qqro-0x6 axcomponentsvcl+0xcbc16 @ 0x500cbc16 @Vcl@Controls@TWinControl@MainWndProc$qqrr24Winapi@Messages@TMessage+0x2f @Vcl@Controls@TWinControl@ControlAtPos$qqrrx19System@Types@TPointooo-0x115 vcl250+0x38d9f @ 0x50ab8d9f @System@Classes@TDataModule@WriteHeight$qqrp22System@Classes@TWriter+0x22 @System@Classes@MakeObjectInstance$qqrxynpqqrr24Winapi@Messages@TMessage$v-0x12 rtl250+0x11e846 @ 0xbde846 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75736d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x757377c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7573788a @Vcl@Forms@TApplication@ProcessMessage$qqrr6tagMSG+0xf8 @Vcl@Forms@TApplication@ProcessMessages$qqrv-0x1c vcl250+0x181968 @ 0x50c01968 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1636596 registers.edi: 1636900 registers.eax: 1636596 registers.ebp: 1636676 registers.edx: 0 registers.ebx: 1636904 registers.esi: 0 registers.ecx: 7	1
__exception__ July 3, 2024, 9:31 a.m.	stacktrace: TMethodImplementationIntercept+0x212ccd SHFreeMem-0x4c3 setuphelper+0x277e49 @ 0x7d27e49 TMethodImplementationIntercept+0x212ccd SHFreeMem-0x4c3 setuphelper+0x277e49 @ 0x7d27e49 TMethodImplementationIntercept+0x212eb8 SHFreeMem-0x2d8 setuphelper+0x278034 @ 0x7d28034 SHGetParameter+0x2ff SHPerformOperation-0x105 setuphelper+0x278a1f @ 0x7d28a1f madTraceProcess+0x41492 dbkFCallWrapperAddr-0x4ebae installer+0xb045e @ 0x4b045e madTraceProcess+0x4152d dbkFCallWrapperAddr-0x4eb13 installer+0xb04f9 @ 0x4b04f9 madTraceProcess+0x411cf dbkFCallWrapperAddr-0x4ee71 installer+0xb019b @ 0x4b019b madTraceProcess+0x71021 dbkFCallWrapperAddr-0x1f01f installer+0xdffed @ 0x4dffed madTraceProcess+0x40d2f dbkFCallWrapperAddr-0x4f311 installer+0xafcfb @ 0x4afcfb TMethodImplementationIntercept+0x14afdf SHFreeMem-0xc81b1 setuphelper+0x1b015b @ 0x7c6015b TMethodImplementationIntercept+0x2094af SHFreeMem-0x9ce1 setuphelper+0x26e62b @ 0x7d1e62b TMethodImplementationIntercept+0x20a715 SHFreeMem-0x8a7b setuphelper+0x26f891 @ 0x7d1f891 TMethodImplementationIntercept+0x1b5862 SHFreeMem-0x5d92e setuphelper+0x21a9de @ 0x7cca9de TMethodImplementationIntercept+0xc660f SHFreeMem-0x14cb81 setuphelper+0x12b78b @ 0x7bdb78b TMethodImplementationIntercept+0xc6d5b SHFreeMem-0x14c435 setuphelper+0x12bed7 @ 0x7bdbed7 TMethodImplementationIntercept+0x57570 SHFreeMem-0x1bbc20 setuphelper+0xbc6ec @ 0x7b6c6ec __dbk_fcall_wrapper-0x739e setuphelper+0xa5f6 @ 0x7aba5f6 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 156498960 registers.edi: 156499264 registers.eax: 156498960 registers.ebp: 156499040 registers.edx: 0 registers.ebx: 156499268 registers.esi: 0 registers.ecx: 7	1
__exception__ July 3, 2024, 9:31 a.m.	stacktrace: TMethodImplementationIntercept+0x212ccd SHFreeMem-0x4c3 setuphelper+0x277e49 @ 0x7d27e49 TMethodImplementationIntercept+0x212ccd SHFreeMem-0x4c3 setuphelper+0x277e49 @ 0x7d27e49 SHGetParameter+0x280 SHPerformOperation-0x184 setuphelper+0x2789a0 @ 0x7d289a0 madTraceProcess+0x41492 dbkFCallWrapperAddr-0x4ebae installer+0xb045e @ 0x4b045e madTraceProcess+0x406f5 dbkFCallWrapperAddr-0x4f94b installer+0xaf6c1 @ 0x4af6c1 madTraceProcess+0x71198 dbkFCallWrapperAddr-0x1eea8 installer+0xe0164 @ 0x4e0164 madTraceProcess+0x7107c dbkFCallWrapperAddr-0x1efc4 installer+0xe0048 @ 0x4e0048 madTraceProcess+0x40d2f dbkFCallWrapperAddr-0x4f311 installer+0xafcfb @ 0x4afcfb TMethodImplementationIntercept+0x14afdf SHFreeMem-0xc81b1 setuphelper+0x1b015b @ 0x7c6015b TMethodImplementationIntercept+0x2094af SHFreeMem-0x9ce1 setuphelper+0x26e62b @ 0x7d1e62b TMethodImplementationIntercept+0x20a715 SHFreeMem-0x8a7b setuphelper+0x26f891 @ 0x7d1f891 TMethodImplementationIntercept+0x1b5862 SHFreeMem-0x5d92e setuphelper+0x21a9de @ 0x7cca9de TMethodImplementationIntercept+0xc660f SHFreeMem-0x14cb81 setuphelper+0x12b78b @ 0x7bdb78b TMethodImplementationIntercept+0xc6d5b SHFreeMem-0x14c435 setuphelper+0x12bed7 @ 0x7bdbed7 TMethodImplementationIntercept+0x57570 SHFreeMem-0x1bbc20 setuphelper+0xbc6ec @ 0x7b6c6ec __dbk_fcall_wrapper-0x739e setuphelper+0xa5f6 @ 0x7aba5f6 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 156498988 registers.edi: 16 registers.eax: 156498988 registers.ebp: 156499068 registers.edx: 0 registers.ebx: 156499236 registers.esi: 0 registers.ecx: 7	1
__exception__ July 3, 2024, 9:31 a.m.	stacktrace: @Axrtl@System@Thread@TThread@SleepByAndCheck$qqrui+0x1f @Axrtl@System@Thread@TThread@CheckTerminateAndWait$qqrv-0x5 axcomponentsrtl+0x1a8d7 @ 0x87a8d7 @Axrtl@System@Thread@TThread@SleepByAndCheck$qqrui+0x1f @Axrtl@System@Thread@TThread@CheckTerminateAndWait$qqrv-0x5 axcomponentsrtl+0x1a8d7 @ 0x87a8d7 __dbk_fcall_wrapper+0x16fa6 DllGetInstance-0xbf52 googleanalyticshelperiv+0x187d2 @ 0x74b87d2 @Axrtl@System@Thread@TThread@Execute$qqrv+0x57 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x95 axcomponentsrtl+0x1a717 @ 0x87a717 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0x87b2a4 __dbk_fcall_wrapper+0x6c741 madTraceProcess-0xe47 installer+0x6e185 @ 0x46e185 @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0xbda94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0xad19ba __dbk_fcall_wrapper+0x6c627 madTraceProcess-0xf61 installer+0x6e06b @ 0x46e06b __dbk_fcall_wrapper+0x6c68f madTraceProcess-0xef9 installer+0x6e0d3 @ 0x46e0d3 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 95616436 registers.edi: 0 registers.eax: 95616436 registers.ebp: 95616516 registers.edx: 0 registers.ebx: 55296032 registers.esi: 55055088 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5d0b1 DllGetInstance-0x767 taskschedulerhelper+0x5ea35 @ 0x7eaea35 __dbk_fcall_wrapper+0x5d228 DllGetInstance-0x5f0 taskschedulerhelper+0x5ebac @ 0x7eaebac madTraceProcess+0xc6819 dbkFCallWrapperAddr-0x2d7fff driverupdater+0x13700d @ 0x53700d madTraceProcess+0xc79e0 dbkFCallWrapperAddr-0x2d6e38 driverupdater+0x1381d4 @ 0x5381d4 madTraceProcess+0xc7ff0 dbkFCallWrapperAddr-0x2d6828 driverupdater+0x1387e4 @ 0x5387e4 madTraceProcess+0xc65f1 dbkFCallWrapperAddr-0x2d8227 driverupdater+0x136de5 @ 0x536de5 madTraceProcess+0xd66c0 dbkFCallWrapperAddr-0x2c8158 driverupdater+0x146eb4 @ 0x546eb4 madTraceProcess+0x35f92c dbkFCallWrapperAddr-0x3eeec driverupdater+0x3d0120 @ 0x7d0120 madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637144 registers.edi: 61273100 registers.eax: 1637144 registers.ebp: 1637224 registers.edx: 0 registers.ebx: 132828438 registers.esi: 61940268 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5d0b1 DllGetInstance-0x767 taskschedulerhelper+0x5ea35 @ 0x7eaea35 __dbk_fcall_wrapper+0x5d228 DllGetInstance-0x5f0 taskschedulerhelper+0x5ebac @ 0x7eaebac __dbk_fcall_wrapper+0x5d3f2 DllGetInstance-0x426 taskschedulerhelper+0x5ed76 @ 0x7eaed76 madTraceProcess+0xc7a1a dbkFCallWrapperAddr-0x2d6dfe driverupdater+0x13820e @ 0x53820e madTraceProcess+0xc7ff0 dbkFCallWrapperAddr-0x2d6828 driverupdater+0x1387e4 @ 0x5387e4 madTraceProcess+0xc65f1 dbkFCallWrapperAddr-0x2d8227 driverupdater+0x136de5 @ 0x536de5 madTraceProcess+0xd66c0 dbkFCallWrapperAddr-0x2c8158 driverupdater+0x146eb4 @ 0x546eb4 madTraceProcess+0x35f92c dbkFCallWrapperAddr-0x3eeec driverupdater+0x3d0120 @ 0x7d0120 madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637256 registers.edi: 61273100 registers.eax: 1637256 registers.ebp: 1637336 registers.edx: 0 registers.ebx: 132828438 registers.esi: 61940268 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5d0b1 DllGetInstance-0x767 taskschedulerhelper+0x5ea35 @ 0x7eaea35 __dbk_fcall_wrapper+0x5d32e DllGetInstance-0x4ea taskschedulerhelper+0x5ecb2 @ 0x7eaecb2 madTraceProcess+0xc7a51 dbkFCallWrapperAddr-0x2d6dc7 driverupdater+0x138245 @ 0x538245 madTraceProcess+0xc7ff0 dbkFCallWrapperAddr-0x2d6828 driverupdater+0x1387e4 @ 0x5387e4 madTraceProcess+0xc65f1 dbkFCallWrapperAddr-0x2d8227 driverupdater+0x136de5 @ 0x536de5 madTraceProcess+0xd66c0 dbkFCallWrapperAddr-0x2c8158 driverupdater+0x146eb4 @ 0x546eb4 madTraceProcess+0x35f92c dbkFCallWrapperAddr-0x3eeec driverupdater+0x3d0120 @ 0x7d0120 madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637308 registers.edi: 61273100 registers.eax: 1637308 registers.ebp: 1637388 registers.edx: 0 registers.ebx: 132828438 registers.esi: 61940268 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5d0b1 DllGetInstance-0x767 taskschedulerhelper+0x5ea35 @ 0x7eaea35 __dbk_fcall_wrapper+0x5d32e DllGetInstance-0x4ea taskschedulerhelper+0x5ecb2 @ 0x7eaecb2 madTraceProcess+0xc7a51 dbkFCallWrapperAddr-0x2d6dc7 driverupdater+0x138245 @ 0x538245 madTraceProcess+0xc7ff0 dbkFCallWrapperAddr-0x2d6828 driverupdater+0x1387e4 @ 0x5387e4 madTraceProcess+0xc65f1 dbkFCallWrapperAddr-0x2d8227 driverupdater+0x136de5 @ 0x536de5 madTraceProcess+0xd66c0 dbkFCallWrapperAddr-0x2c8158 driverupdater+0x146eb4 @ 0x546eb4 madTraceProcess+0x35f92c dbkFCallWrapperAddr-0x3eeec driverupdater+0x3d0120 @ 0x7d0120 madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637308 registers.edi: 61273100 registers.eax: 1637308 registers.ebp: 1637388 registers.edx: 0 registers.ebx: 132828438 registers.esi: 61940268 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0xc6819 dbkFCallWrapperAddr-0x2d7fff driverupdater+0x13700d @ 0x53700d madTraceProcess+0xc79e0 dbkFCallWrapperAddr-0x2d6e38 driverupdater+0x1381d4 @ 0x5381d4 madTraceProcess+0xc7ff0 dbkFCallWrapperAddr-0x2d6828 driverupdater+0x1387e4 @ 0x5387e4 madTraceProcess+0xc659c dbkFCallWrapperAddr-0x2d827c driverupdater+0x136d90 @ 0x536d90 madTraceProcess+0xd66d1 dbkFCallWrapperAddr-0x2c8147 driverupdater+0x146ec5 @ 0x546ec5 madTraceProcess+0x35f92c dbkFCallWrapperAddr-0x3eeec driverupdater+0x3d0120 @ 0x7d0120 madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637192 registers.edi: 61178668 registers.eax: 1637192 registers.ebp: 1637272 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637640 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca __dbk_fcall_wrapper+0x5d3f2 DllGetInstance-0x426 taskschedulerhelper+0x5ed76 @ 0x7eaed76 madTraceProcess+0xc7a1a dbkFCallWrapperAddr-0x2d6dfe driverupdater+0x13820e @ 0x53820e madTraceProcess+0xc7ff0 dbkFCallWrapperAddr-0x2d6828 driverupdater+0x1387e4 @ 0x5387e4 madTraceProcess+0xc659c dbkFCallWrapperAddr-0x2d827c driverupdater+0x136d90 @ 0x536d90 madTraceProcess+0xd66d1 dbkFCallWrapperAddr-0x2c8147 driverupdater+0x146ec5 @ 0x546ec5 madTraceProcess+0x35f92c dbkFCallWrapperAddr-0x3eeec driverupdater+0x3d0120 @ 0x7d0120 madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637304 registers.edi: 61178668 registers.eax: 1637304 registers.ebp: 1637384 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637680 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5b392 DllGetInstance-0x2486 taskschedulerhelper+0x5cd16 @ 0x7eacd16 __dbk_fcall_wrapper+0x5d0b1 DllGetInstance-0x767 taskschedulerhelper+0x5ea35 @ 0x7eaea35 __dbk_fcall_wrapper+0x5d32e DllGetInstance-0x4ea taskschedulerhelper+0x5ecb2 @ 0x7eaecb2 __dbk_fcall_wrapper+0x4fdef DllGetInstance-0xda29 taskschedulerhelper+0x51773 @ 0x7ea1773 __dbk_fcall_wrapper+0x4fee4 DllGetInstance-0xd934 taskschedulerhelper+0x51868 @ 0x7ea1868 __dbk_fcall_wrapper+0x4fa96 DllGetInstance-0xdd82 taskschedulerhelper+0x5141a @ 0x7ea141a __dbk_fcall_wrapper+0x5d5c5 DllGetInstance-0x253 taskschedulerhelper+0x5ef49 @ 0x7eaef49 madTraceProcess+0xc5f19 dbkFCallWrapperAddr-0x2d88ff driverupdater+0x13670d @ 0x53670d madTraceProcess+0x35f941 dbkFCallWrapperAddr-0x3eed7 driverupdater+0x3d0135 @ 0x7d0135 madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637416 registers.edi: 61273100 registers.eax: 1637416 registers.ebp: 1637496 registers.edx: 0 registers.ebx: 132828438 registers.esi: 61833700 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x263d68 dbkFCallWrapperAddr-0x13aab0 driverupdater+0x2d455c @ 0x6d455c madTraceProcess+0x261e02 dbkFCallWrapperAddr-0x13ca16 driverupdater+0x2d25f6 @ 0x6d25f6 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637328 registers.edi: 61898540 registers.eax: 1637328 registers.ebp: 1637408 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637688 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x263d68 dbkFCallWrapperAddr-0x13aab0 driverupdater+0x2d455c @ 0x6d455c madTraceProcess+0x261e02 dbkFCallWrapperAddr-0x13ca16 driverupdater+0x2d25f6 @ 0x6d25f6 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637328 registers.edi: 61865516 registers.eax: 1637328 registers.ebp: 1637408 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637688 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca __dbk_fcall_wrapper+0x5d3f2 DllGetInstance-0x426 taskschedulerhelper+0x5ed76 @ 0x7eaed76 madTraceProcess+0x2647a7 dbkFCallWrapperAddr-0x13a071 driverupdater+0x2d4f9b @ 0x6d4f9b madTraceProcess+0x261e14 dbkFCallWrapperAddr-0x13ca04 driverupdater+0x2d2608 @ 0x6d2608 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637500 registers.edi: 61865516 registers.eax: 1637500 registers.ebp: 1637580 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637876 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x2647e0 dbkFCallWrapperAddr-0x13a038 driverupdater+0x2d4fd4 @ 0x6d4fd4 madTraceProcess+0x261e14 dbkFCallWrapperAddr-0x13ca04 driverupdater+0x2d2608 @ 0x6d2608 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637516 registers.edi: 61865420 registers.eax: 1637516 registers.ebp: 1637596 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637876 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca __dbk_fcall_wrapper+0x5d3f2 DllGetInstance-0x426 taskschedulerhelper+0x5ed76 @ 0x7eaed76 madTraceProcess+0x2647a7 dbkFCallWrapperAddr-0x13a071 driverupdater+0x2d4f9b @ 0x6d4f9b madTraceProcess+0x261e14 dbkFCallWrapperAddr-0x13ca04 driverupdater+0x2d2608 @ 0x6d2608 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637500 registers.edi: 61898540 registers.eax: 1637500 registers.ebp: 1637580 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637876 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x2647e0 dbkFCallWrapperAddr-0x13a038 driverupdater+0x2d4fd4 @ 0x6d4fd4 madTraceProcess+0x261e14 dbkFCallWrapperAddr-0x13ca04 driverupdater+0x2d2608 @ 0x6d2608 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637516 registers.edi: 61898452 registers.eax: 1637516 registers.ebp: 1637596 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637876 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x263d68 dbkFCallWrapperAddr-0x13aab0 driverupdater+0x2d455c @ 0x6d455c madTraceProcess+0x261e02 dbkFCallWrapperAddr-0x13ca16 driverupdater+0x2d25f6 @ 0x6d25f6 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637328 registers.edi: 61898540 registers.eax: 1637328 registers.ebp: 1637408 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637688 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x263d68 dbkFCallWrapperAddr-0x13aab0 driverupdater+0x2d455c @ 0x6d455c madTraceProcess+0x261e02 dbkFCallWrapperAddr-0x13ca16 driverupdater+0x2d25f6 @ 0x6d25f6 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637328 registers.edi: 61865516 registers.eax: 1637328 registers.ebp: 1637408 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637688 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca __dbk_fcall_wrapper+0x5d3f2 DllGetInstance-0x426 taskschedulerhelper+0x5ed76 @ 0x7eaed76 madTraceProcess+0x2647a7 dbkFCallWrapperAddr-0x13a071 driverupdater+0x2d4f9b @ 0x6d4f9b madTraceProcess+0x261e14 dbkFCallWrapperAddr-0x13ca04 driverupdater+0x2d2608 @ 0x6d2608 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637500 registers.edi: 61898540 registers.eax: 1637500 registers.ebp: 1637580 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637876 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x2647e0 dbkFCallWrapperAddr-0x13a038 driverupdater+0x2d4fd4 @ 0x6d4fd4 madTraceProcess+0x261e14 dbkFCallWrapperAddr-0x13ca04 driverupdater+0x2d2608 @ 0x6d2608 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637516 registers.edi: 61898452 registers.eax: 1637516 registers.ebp: 1637596 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637876 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca __dbk_fcall_wrapper+0x5d3f2 DllGetInstance-0x426 taskschedulerhelper+0x5ed76 @ 0x7eaed76 madTraceProcess+0x2647a7 dbkFCallWrapperAddr-0x13a071 driverupdater+0x2d4f9b @ 0x6d4f9b madTraceProcess+0x261e14 dbkFCallWrapperAddr-0x13ca04 driverupdater+0x2d2608 @ 0x6d2608 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637500 registers.edi: 61982716 registers.eax: 1637500 registers.ebp: 1637580 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637876 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x2647e0 dbkFCallWrapperAddr-0x13a038 driverupdater+0x2d4fd4 @ 0x6d4fd4 madTraceProcess+0x261e14 dbkFCallWrapperAddr-0x13ca04 driverupdater+0x2d2608 @ 0x6d2608 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637516 registers.edi: 61982636 registers.eax: 1637516 registers.ebp: 1637596 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637876 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ead822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7eaebca madTraceProcess+0x2637dc dbkFCallWrapperAddr-0x13b03c driverupdater+0x2d3fd0 @ 0x6d3fd0 madTraceProcess+0x263d68 dbkFCallWrapperAddr-0x13aab0 driverupdater+0x2d455c @ 0x6d455c madTraceProcess+0x261e02 dbkFCallWrapperAddr-0x13ca16 driverupdater+0x2d25f6 @ 0x6d25f6 madTraceProcess+0x35f959 dbkFCallWrapperAddr-0x3eebf driverupdater+0x3d014d @ 0x7d014d madTraceProcess+0x4d37d dbkFCallWrapperAddr-0x35149b driverupdater+0xbdb71 @ 0x4bdb71 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637328 registers.edi: 61865516 registers.eax: 1637328 registers.ebp: 1637408 registers.edx: 0 registers.ebx: 132831266 registers.esi: 1637688 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: madTraceProcess+0x4d382 dbkFCallWrapperAddr-0x351496 driverupdater+0xbdb76 @ 0x4bdb76 madTraceProcess+0x4d382 dbkFCallWrapperAddr-0x351496 driverupdater+0xbdb76 @ 0x4bdb76 madTraceProcess+0x4c552 dbkFCallWrapperAddr-0x3522c6 driverupdater+0xbcd46 @ 0x4bcd46 madTraceProcess+0x7747d dbkFCallWrapperAddr-0x32739b driverupdater+0xe7c71 @ 0x4e7c71 madTraceProcess+0xd5f51 dbkFCallWrapperAddr-0x2c88c7 driverupdater+0x146745 @ 0x546745 madTraceProcess+0x35f523 dbkFCallWrapperAddr-0x3f2f5 driverupdater+0x3cfd17 @ 0x7cfd17 madTraceProcess+0x391283 dbkFCallWrapperAddr-0xd595 driverupdater+0x401a77 @ 0x801a77 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1637876 registers.edi: 0 registers.eax: 1637876 registers.ebp: 1637956 registers.edx: 0 registers.ebx: 4294828032 registers.esi: 0 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: @Axrtl@System@Thread@TThread@SleepByAndCheck$qqrui+0x1f @Axrtl@System@Thread@TThread@CheckTerminateAndWait$qqrv-0x5 axcomponentsrtl+0x1a8d7 @ 0x11fa8d7 @Axrtl@System@Thread@TThread@SleepByAndCheck$qqrui+0x1f @Axrtl@System@Thread@TThread@CheckTerminateAndWait$qqrv-0x5 axcomponentsrtl+0x1a8d7 @ 0x11fa8d7 __dbk_fcall_wrapper+0x16fa6 DllGetInstance-0xbf52 googleanalyticshelperiv+0x187d2 @ 0x7e187d2 @Axrtl@System@Thread@TThread@Execute$qqrv+0x57 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x95 axcomponentsrtl+0x1a717 @ 0x11fa717 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0x11fb2a4 __dbk_fcall_wrapper+0x6de91 madTraceProcess-0xe47 driverupdater+0x6f9ad @ 0x46f9ad @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0x155a94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0x14519ba __dbk_fcall_wrapper+0x6dd77 madTraceProcess-0xf61 driverupdater+0x6f893 @ 0x46f893 __dbk_fcall_wrapper+0x6dddf madTraceProcess-0xef9 driverupdater+0x6f8fb @ 0x46f8fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 101776820 registers.edi: 0 registers.eax: 101776820 registers.ebp: 101776900 registers.edx: 0 registers.ebx: 61980784 registers.esi: 61739760 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ebd822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ebd822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7ebebca madTraceProcess+0xc6819 dbkFCallWrapperAddr-0x2d7fff driverupdater+0x13700d @ 0x53700d madTraceProcess+0xc79e0 dbkFCallWrapperAddr-0x2d6e38 driverupdater+0x1381d4 @ 0x5381d4 madTraceProcess+0xc7ff0 dbkFCallWrapperAddr-0x2d6828 driverupdater+0x1387e4 @ 0x5387e4 madTraceProcess+0xc88b1 dbkFCallWrapperAddr-0x2d5f67 driverupdater+0x1390a5 @ 0x5390a5 madTraceProcess+0xc84a0 dbkFCallWrapperAddr-0x2d6378 driverupdater+0x138c94 @ 0x538c94 madTraceProcess+0xd663e dbkFCallWrapperAddr-0x2c81da driverupdater+0x146e32 @ 0x546e32 madTraceProcess+0x35f57b dbkFCallWrapperAddr-0x3f29d driverupdater+0x3cfd6f @ 0x7cfd6f @Axrtl@System@Thread@TThread@Execute$qqrv+0x57 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x95 axcomponentsrtl+0x1a717 @ 0xeba717 @Oxrtl@System@Threadex@TThreadEx@Execute$qqrv+0x1d @Oxrtl@System@Threadex@TThreadEx@GetCancelationToken$qqrv-0x3b oxcomponentsrtl+0x6b1a9 @ 0x1b9b1a9 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0xebb2a4 __dbk_fcall_wrapper+0x6de91 madTraceProcess-0xe47 driverupdater+0x6f9ad @ 0x46f9ad @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0x121a94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0x11119ba __dbk_fcall_wrapper+0x6dd77 madTraceProcess-0xf61 driverupdater+0x6f893 @ 0x46f893 __dbk_fcall_wrapper+0x6dddf madTraceProcess-0xef9 driverupdater+0x6f8fb @ 0x46f8fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 119077548 registers.edi: 60574028 registers.eax: 119077548 registers.ebp: 119077628 registers.edx: 0 registers.ebx: 132896802 registers.esi: 119077996 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x78cd5 DllGetInstance-0x4d4e7 tweakmanagerhelper+0x7a5e9 @ 0xa88a5e9 __dbk_fcall_wrapper+0x76fac DllGetInstance-0x4f210 tweakmanagerhelper+0x788c0 @ 0xa8888c0 __dbk_fcall_wrapper+0x81d9a DllGetInstance-0x44422 tweakmanagerhelper+0x836ae @ 0xa8936ae __dbk_fcall_wrapper+0x82c74 DllGetInstance-0x43548 tweakmanagerhelper+0x84588 @ 0xa894588 __dbk_fcall_wrapper+0x82d0f DllGetInstance-0x434ad tweakmanagerhelper+0x84623 @ 0xa894623 __dbk_fcall_wrapper+0x2fa17 DllGetInstance-0x967a5 tweakmanagerhelper+0x3132b @ 0xa84132b @System@@AfterConstruction$qqrxp14System@TObject+0x20 @System@@BeforeDestruction$qqrxp14System@TObjectzc-0x30 rtl250+0x1003c @ 0x111003c __dbk_fcall_wrapper+0x2ef65 DllGetInstance-0x97257 tweakmanagerhelper+0x30879 @ 0xa840879 __dbk_fcall_wrapper+0x2ebf8 DllGetInstance-0x975c4 tweakmanagerhelper+0x3050c @ 0xa84050c __dbk_fcall_wrapper+0x2f0b6 DllGetInstance-0x97106 tweakmanagerhelper+0x309ca @ 0xa8409ca __dbk_fcall_wrapper+0xaf007 DllGetInstance-0x171b5 tweakmanagerhelper+0xb091b @ 0xa8c091b __dbk_fcall_wrapper+0x2ef5a DllGetInstance-0x97262 tweakmanagerhelper+0x3086e @ 0xa84086e __dbk_fcall_wrapper+0x2ebf8 DllGetInstance-0x975c4 tweakmanagerhelper+0x3050c @ 0xa84050c __dbk_fcall_wrapper+0x2ed15 DllGetInstance-0x974a7 tweakmanagerhelper+0x30629 @ 0xa840629 __dbk_fcall_wrapper+0xa8c0b DllGetInstance-0x1d5b1 tweakmanagerhelper+0xaa51f @ 0xa8ba51f @Axrtl@Project@Interfacedobject@DllGetInstanceInternal$qqsrx5_GUIDpvpp17System@TMetaClassxi+0x76 @Axrtl@Project@Interfacedobject@DllCanUnloadNowInternal$qqspp17System@TMetaClassxi-0x7a axcomponentsrtl+0x664b2 @ 0xf064b2 DllGetInstance+0x29 DllCanUnloadNow-0x7 tweakmanagerhelper+0xc7af9 @ 0xa8d7af9 @Axrtl@Dllroutines@DllRoutines@TLibraryItem@GetInstance$qqrrx5_GUIDpv+0xe @Axrtl@Dllroutines@DllRoutines@TLibraryItem@GetVersion$qqrr16_DLLVERSIONINFO2-0xa axcomponentsrtl+0x2236a @ 0xec236a @Axrtl@Dllroutines@DllRoutines@GetInstanceInternal$qqrx20System@UnicodeStringrx5_GUIDpv+0xba @Axrtl@Dllroutines@DllRoutines@GetInstance$qqrx20System@UnicodeStringrx5_GUIDpv-0xe axcomponentsrtl+0x22bb6 @ 0xec2bb6 @Axrtl@Dllroutines@DllRoutines@GetInstance$qqrx20System@UnicodeStringrx5_GUIDpv+0x2d @Axrtl@Dllroutines@DllRoutines@TryGetInstance$qqrx20System@UnicodeStringrx5_GUIDpv-0x21f axcomponentsrtl+0x22bf1 @ 0xec2bf1 madTraceProcess+0x176121 dbkFCallWrapperAddr-0x2286f7 driverupdater+0x1e6915 @ 0x5e6915 madTraceProcess+0x177b5d dbkFCallWrapperAddr-0x226cbb driverupdater+0x1e8351 @ 0x5e8351 madTraceProcess+0xd87da dbkFCallWrapperAddr-0x2c603e driverupdater+0x148fce @ 0x548fce madTraceProcess+0x16dcd4 dbkFCallWrapperAddr-0x230b44 driverupdater+0x1de4c8 @ 0x5de4c8 madTraceProcess+0x1d9c7a dbkFCallWrapperAddr-0x1c4b9e driverupdater+0x24a46e @ 0x64a46e madTraceProcess+0x35f585 dbkFCallWrapperAddr-0x3f293 driverupdater+0x3cfd79 @ 0x7cfd79 @Axrtl@System@Thread@TThread@Execute$qqrv+0x57 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x95 axcomponentsrtl+0x1a717 @ 0xeba717 @Oxrtl@System@Threadex@TThreadEx@Execute$qqrv+0x1d @Oxrtl@System@Threadex@TThreadEx@GetCancelationToken$qqrv-0x3b oxcomponentsrtl+0x6b1a9 @ 0x1b9b1a9 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0xebb2a4 __dbk_fcall_wrapper+0x6de91 madTraceProcess-0xe47 driverupdater+0x6f9ad @ 0x46f9ad @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0x121a94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0x11119ba __dbk_fcall_wrapper+0x6dd77 madTraceProcess-0xf61 driverupdater+0x6f893 @ 0x46f893 __dbk_fcall_wrapper+0x6dddf madTraceProcess-0xef9 driverupdater+0x6f8fb @ 0x46f8fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 119077388 registers.edi: 0 registers.eax: 119077388 registers.ebp: 119077468 registers.edx: 0 registers.ebx: 121552348 registers.esi: 1060 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x78cd5 DllGetInstance-0x4d4e7 tweakmanagerhelper+0x7a5e9 @ 0xa88a5e9 __dbk_fcall_wrapper+0x76fac DllGetInstance-0x4f210 tweakmanagerhelper+0x788c0 @ 0xa8888c0 __dbk_fcall_wrapper+0x81d9a DllGetInstance-0x44422 tweakmanagerhelper+0x836ae @ 0xa8936ae __dbk_fcall_wrapper+0x82c74 DllGetInstance-0x43548 tweakmanagerhelper+0x84588 @ 0xa894588 __dbk_fcall_wrapper+0x82d0f DllGetInstance-0x434ad tweakmanagerhelper+0x84623 @ 0xa894623 __dbk_fcall_wrapper+0x2fa17 DllGetInstance-0x967a5 tweakmanagerhelper+0x3132b @ 0xa84132b @System@@AfterConstruction$qqrxp14System@TObject+0x20 @System@@BeforeDestruction$qqrxp14System@TObjectzc-0x30 rtl250+0x1003c @ 0x111003c __dbk_fcall_wrapper+0x2ef65 DllGetInstance-0x97257 tweakmanagerhelper+0x30879 @ 0xa840879 __dbk_fcall_wrapper+0x2ebf8 DllGetInstance-0x975c4 tweakmanagerhelper+0x3050c @ 0xa84050c __dbk_fcall_wrapper+0x2f0b6 DllGetInstance-0x97106 tweakmanagerhelper+0x309ca @ 0xa8409ca __dbk_fcall_wrapper+0xb2d09 DllGetInstance-0x134b3 tweakmanagerhelper+0xb461d @ 0xa8c461d __dbk_fcall_wrapper+0xb2dbd DllGetInstance-0x133ff tweakmanagerhelper+0xb46d1 @ 0xa8c46d1 __dbk_fcall_wrapper+0x2ef5a DllGetInstance-0x97262 tweakmanagerhelper+0x3086e @ 0xa84086e __dbk_fcall_wrapper+0x2ebf8 DllGetInstance-0x975c4 tweakmanagerhelper+0x3050c @ 0xa84050c __dbk_fcall_wrapper+0x2ed15 DllGetInstance-0x974a7 tweakmanagerhelper+0x30629 @ 0xa840629 __dbk_fcall_wrapper+0xa8c0b DllGetInstance-0x1d5b1 tweakmanagerhelper+0xaa51f @ 0xa8ba51f @Axrtl@Project@Interfacedobject@DllGetInstanceInternal$qqsrx5_GUIDpvpp17System@TMetaClassxi+0x76 @Axrtl@Project@Interfacedobject@DllCanUnloadNowInternal$qqspp17System@TMetaClassxi-0x7a axcomponentsrtl+0x664b2 @ 0xf064b2 DllGetInstance+0x29 DllCanUnloadNow-0x7 tweakmanagerhelper+0xc7af9 @ 0xa8d7af9 @Axrtl@Dllroutines@DllRoutines@TLibraryItem@GetInstance$qqrrx5_GUIDpv+0xe @Axrtl@Dllroutines@DllRoutines@TLibraryItem@GetVersion$qqrr16_DLLVERSIONINFO2-0xa axcomponentsrtl+0x2236a @ 0xec236a @Axrtl@Dllroutines@DllRoutines@GetInstanceInternal$qqrx20System@UnicodeStringrx5_GUIDpv+0xba @Axrtl@Dllroutines@DllRoutines@GetInstance$qqrx20System@UnicodeStringrx5_GUIDpv-0xe axcomponentsrtl+0x22bb6 @ 0xec2bb6 @Axrtl@Dllroutines@DllRoutines@GetInstance$qqrx20System@UnicodeStringrx5_GUIDpv+0x2d @Axrtl@Dllroutines@DllRoutines@TryGetInstance$qqrx20System@UnicodeStringrx5_GUIDpv-0x21f axcomponentsrtl+0x22bf1 @ 0xec2bf1 madTraceProcess+0x176121 dbkFCallWrapperAddr-0x2286f7 driverupdater+0x1e6915 @ 0x5e6915 madTraceProcess+0x177b5d dbkFCallWrapperAddr-0x226cbb driverupdater+0x1e8351 @ 0x5e8351 madTraceProcess+0xd87da dbkFCallWrapperAddr-0x2c603e driverupdater+0x148fce @ 0x548fce madTraceProcess+0x16dcd4 dbkFCallWrapperAddr-0x230b44 driverupdater+0x1de4c8 @ 0x5de4c8 madTraceProcess+0x1d9c7a dbkFCallWrapperAddr-0x1c4b9e driverupdater+0x24a46e @ 0x64a46e madTraceProcess+0x35f585 dbkFCallWrapperAddr-0x3f293 driverupdater+0x3cfd79 @ 0x7cfd79 @Axrtl@System@Thread@TThread@Execute$qqrv+0x57 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x95 axcomponentsrtl+0x1a717 @ 0xeba717 @Oxrtl@System@Threadex@TThreadEx@Execute$qqrv+0x1d @Oxrtl@System@Threadex@TThreadEx@GetCancelationToken$qqrv-0x3b oxcomponentsrtl+0x6b1a9 @ 0x1b9b1a9 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0xebb2a4 __dbk_fcall_wrapper+0x6de91 madTraceProcess-0xe47 driverupdater+0x6f9ad @ 0x46f9ad @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0x121a94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0x11119ba __dbk_fcall_wrapper+0x6dd77 madTraceProcess-0xf61 driverupdater+0x6f893 @ 0x46f893 __dbk_fcall_wrapper+0x6dddf madTraceProcess-0xef9 driverupdater+0x6f8fb @ 0x46f8fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 119077360 registers.edi: 0 registers.eax: 119077360 registers.ebp: 119077440 registers.edx: 0 registers.ebx: 121704524 registers.esi: 1060 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x78cd5 DllGetInstance-0x4d4e7 tweakmanagerhelper+0x7a5e9 @ 0xa88a5e9 __dbk_fcall_wrapper+0x76fac DllGetInstance-0x4f210 tweakmanagerhelper+0x788c0 @ 0xa8888c0 __dbk_fcall_wrapper+0x81d9a DllGetInstance-0x44422 tweakmanagerhelper+0x836ae @ 0xa8936ae __dbk_fcall_wrapper+0x82c74 DllGetInstance-0x43548 tweakmanagerhelper+0x84588 @ 0xa894588 __dbk_fcall_wrapper+0x82d0f DllGetInstance-0x434ad tweakmanagerhelper+0x84623 @ 0xa894623 __dbk_fcall_wrapper+0x2fa17 DllGetInstance-0x967a5 tweakmanagerhelper+0x3132b @ 0xa84132b @System@@AfterConstruction$qqrxp14System@TObject+0x20 @System@@BeforeDestruction$qqrxp14System@TObjectzc-0x30 rtl250+0x1003c @ 0x111003c __dbk_fcall_wrapper+0x2ef65 DllGetInstance-0x97257 tweakmanagerhelper+0x30879 @ 0xa840879 __dbk_fcall_wrapper+0x2ebf8 DllGetInstance-0x975c4 tweakmanagerhelper+0x3050c @ 0xa84050c __dbk_fcall_wrapper+0x2f0b6 DllGetInstance-0x97106 tweakmanagerhelper+0x309ca @ 0xa8409ca __dbk_fcall_wrapper+0xb2d09 DllGetInstance-0x134b3 tweakmanagerhelper+0xb461d @ 0xa8c461d __dbk_fcall_wrapper+0xb2dca DllGetInstance-0x133f2 tweakmanagerhelper+0xb46de @ 0xa8c46de __dbk_fcall_wrapper+0x2ef5a DllGetInstance-0x97262 tweakmanagerhelper+0x3086e @ 0xa84086e __dbk_fcall_wrapper+0x2ebf8 DllGetInstance-0x975c4 tweakmanagerhelper+0x3050c @ 0xa84050c __dbk_fcall_wrapper+0x2ed15 DllGetInstance-0x974a7 tweakmanagerhelper+0x30629 @ 0xa840629 __dbk_fcall_wrapper+0xa8c0b DllGetInstance-0x1d5b1 tweakmanagerhelper+0xaa51f @ 0xa8ba51f @Axrtl@Project@Interfacedobject@DllGetInstanceInternal$qqsrx5_GUIDpvpp17System@TMetaClassxi+0x76 @Axrtl@Project@Interfacedobject@DllCanUnloadNowInternal$qqspp17System@TMetaClassxi-0x7a axcomponentsrtl+0x664b2 @ 0xf064b2 DllGetInstance+0x29 DllCanUnloadNow-0x7 tweakmanagerhelper+0xc7af9 @ 0xa8d7af9 @Axrtl@Dllroutines@DllRoutines@TLibraryItem@GetInstance$qqrrx5_GUIDpv+0xe @Axrtl@Dllroutines@DllRoutines@TLibraryItem@GetVersion$qqrr16_DLLVERSIONINFO2-0xa axcomponentsrtl+0x2236a @ 0xec236a @Axrtl@Dllroutines@DllRoutines@GetInstanceInternal$qqrx20System@UnicodeStringrx5_GUIDpv+0xba @Axrtl@Dllroutines@DllRoutines@GetInstance$qqrx20System@UnicodeStringrx5_GUIDpv-0xe axcomponentsrtl+0x22bb6 @ 0xec2bb6 @Axrtl@Dllroutines@DllRoutines@GetInstance$qqrx20System@UnicodeStringrx5_GUIDpv+0x2d @Axrtl@Dllroutines@DllRoutines@TryGetInstance$qqrx20System@UnicodeStringrx5_GUIDpv-0x21f axcomponentsrtl+0x22bf1 @ 0xec2bf1 madTraceProcess+0x176121 dbkFCallWrapperAddr-0x2286f7 driverupdater+0x1e6915 @ 0x5e6915 madTraceProcess+0x177b5d dbkFCallWrapperAddr-0x226cbb driverupdater+0x1e8351 @ 0x5e8351 madTraceProcess+0xd87da dbkFCallWrapperAddr-0x2c603e driverupdater+0x148fce @ 0x548fce madTraceProcess+0x16dcd4 dbkFCallWrapperAddr-0x230b44 driverupdater+0x1de4c8 @ 0x5de4c8 madTraceProcess+0x1d9c7a dbkFCallWrapperAddr-0x1c4b9e driverupdater+0x24a46e @ 0x64a46e madTraceProcess+0x35f585 dbkFCallWrapperAddr-0x3f293 driverupdater+0x3cfd79 @ 0x7cfd79 @Axrtl@System@Thread@TThread@Execute$qqrv+0x57 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x95 axcomponentsrtl+0x1a717 @ 0xeba717 @Oxrtl@System@Threadex@TThreadEx@Execute$qqrv+0x1d @Oxrtl@System@Threadex@TThreadEx@GetCancelationToken$qqrv-0x3b oxcomponentsrtl+0x6b1a9 @ 0x1b9b1a9 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0xebb2a4 __dbk_fcall_wrapper+0x6de91 madTraceProcess-0xe47 driverupdater+0x6f9ad @ 0x46f9ad @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0x121a94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0x11119ba __dbk_fcall_wrapper+0x6dd77 madTraceProcess-0xf61 driverupdater+0x6f893 @ 0x46f893 __dbk_fcall_wrapper+0x6dddf madTraceProcess-0xef9 driverupdater+0x6f8fb @ 0x46f8fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 119077360 registers.edi: 0 registers.eax: 119077360 registers.ebp: 119077440 registers.edx: 0 registers.ebx: 138519092 registers.esi: 1060 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: @System@Sysutils@RaiseLastOSError$qqrix20System@UnicodeString+0x81 @System@Sysutils@CheckOSError$qqri-0x23 rtl250+0x50735 @ 0x1150735 @System@Sysutils@RaiseLastOSError$qqri+0x7 @System@Sysutils@RaiseLastOSError$qqrix20System@UnicodeString-0x1 rtl250+0x506b3 @ 0x11506b3 madTraceProcess+0x1d0222 dbkFCallWrapperAddr-0x1ce5f6 driverupdater+0x240a16 @ 0x640a16 madTraceProcess+0x1d096c dbkFCallWrapperAddr-0x1cdeac driverupdater+0x241160 @ 0x641160 madTraceProcess+0x164334 dbkFCallWrapperAddr-0x23a4e4 driverupdater+0x1d4b28 @ 0x5d4b28 @Axrtl@System@Thread@TThread@Execute$qqrv+0x84 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x68 axcomponentsrtl+0x1a744 @ 0xeba744 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0xebb2a4 __dbk_fcall_wrapper+0x6de91 madTraceProcess-0xe47 driverupdater+0x6f9ad @ 0x46f9ad @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0x121a94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0x11119ba __dbk_fcall_wrapper+0x6dd77 madTraceProcess-0xf61 driverupdater+0x6f893 @ 0x46f893 __dbk_fcall_wrapper+0x6dddf madTraceProcess-0xef9 driverupdater+0x6f8fb @ 0x46f8fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 202112228 registers.edi: 0 registers.eax: 202112228 registers.ebp: 202112308 registers.edx: 0 registers.ebx: 1062 registers.esi: 0 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ebd822 __dbk_fcall_wrapper+0x5be9e DllGetInstance-0x197a taskschedulerhelper+0x5d822 @ 0x7ebd822 __dbk_fcall_wrapper+0x5d246 DllGetInstance-0x5d2 taskschedulerhelper+0x5ebca @ 0x7ebebca madTraceProcess+0xc6819 dbkFCallWrapperAddr-0x2d7fff driverupdater+0x13700d @ 0x53700d madTraceProcess+0xc79e0 dbkFCallWrapperAddr-0x2d6e38 driverupdater+0x1381d4 @ 0x5381d4 madTraceProcess+0xc7ff0 dbkFCallWrapperAddr-0x2d6828 driverupdater+0x1387e4 @ 0x5387e4 madTraceProcess+0xc88b1 dbkFCallWrapperAddr-0x2d5f67 driverupdater+0x1390a5 @ 0x5390a5 madTraceProcess+0xc8716 dbkFCallWrapperAddr-0x2d6102 driverupdater+0x138f0a @ 0x538f0a @Axrtl@Project@Eventnotifier@EventNotifier@ProcessMessage$qqrr24Winapi@Messages@TMessage+0x5f @Axrtl@Project@Eventnotifier@EventNotifier@WndProc$qqrr24Winapi@Messages@TMessage-0x45 axcomponentsrtl+0xbce37 @ 0xf5ce37 @Axrtl@Project@Eventnotifier@EventNotifier@WndProc$qqrr24Winapi@Messages@TMessage+0x2c @Axrtl@Project@Eventnotifier@EventNotifier@THandleItem@$bctr$qqruipxuixi-0x14 axcomponentsrtl+0xbcea8 @ 0xf5cea8 @Axrtl@System@Sysutils@SysUtils@StdWndProc$qqsp6HWND__iuii+0x3a @Axrtl@System@Sysutils@SysUtils@DefWindowProc$qqruir24Winapi@Messages@TMessage-0x16 axcomponentsrtl+0x6ba2 @ 0xea6ba2 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x757362fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75736d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x757377c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7573788a @Vcl@Forms@TApplication@ProcessMessage$qqrr6tagMSG+0xf8 @Vcl@Forms@TApplication@ProcessMessages$qqrv-0x1c vcl250+0x181968 @ 0x50c01968 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 1635572 registers.edi: 60579124 registers.eax: 1635572 registers.ebp: 1635652 registers.edx: 0 registers.ebx: 132896802 registers.esi: 1636020 registers.ecx: 7	1
__exception__ July 3, 2024, 9:34 a.m.	stacktrace: @System@Classes@TFileStream@$bctr$qqrx20System@UnicodeStringusui+0x12b @System@Classes@TFileStream@$bdtr$qqrv-0x51 rtl250+0x1092a3 @ 0x12092a3 @System@Classes@TFileStream@$bctr$qqrx20System@UnicodeStringus+0x25 @System@Classes@TFileStream@$bctr$qqrx20System@UnicodeStringusui-0x1f rtl250+0x109159 @ 0x1209159 madTraceProcess+0x3f343 GetInstance-0xec479 driverupdaterhelper+0x1600f3 @ 0x8f800f3 madTraceProcess+0x3f014 GetInstance-0xec7a8 driverupdaterhelper+0x15fdc4 @ 0x8f7fdc4 madTraceProcess+0x4073e GetInstance-0xeb07e driverupdaterhelper+0x1614ee @ 0x8f814ee madTraceProcess+0x40e6c GetInstance-0xea950 driverupdaterhelper+0x161c1c @ 0x8f81c1c madTraceProcess+0x40f00 GetInstance-0xea8bc driverupdaterhelper+0x161cb0 @ 0x8f81cb0 madTraceProcess+0x11c282 GetInstance-0xf53a driverupdaterhelper+0x23d032 @ 0x905d032 madTraceProcess+0x11f78b GetInstance-0xc031 driverupdaterhelper+0x24053b @ 0x906053b madTraceProcess+0x11a7f4 GetInstance-0x10fc8 driverupdaterhelper+0x23b5a4 @ 0x905b5a4 madTraceProcess+0x172e52 dbkFCallWrapperAddr-0x22b9c6 driverupdater+0x1e3646 @ 0x5e3646 madTraceProcess+0x16d99c dbkFCallWrapperAddr-0x230e7c driverupdater+0x1de190 @ 0x5de190 madTraceProcess+0x16f22b dbkFCallWrapperAddr-0x22f5ed driverupdater+0x1dfa1f @ 0x5dfa1f @Axrtl@System@Thread@TThread@Execute$qqrv+0x84 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x68 axcomponentsrtl+0x1a744 @ 0xeba744 @Oxrtl@System@Threadex@TThreadEx@Execute$qqrv+0x1d @Oxrtl@System@Threadex@TThreadEx@GetCancelationToken$qqrv-0x3b oxcomponentsrtl+0x6b1a9 @ 0x1b9b1a9 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0xebb2a4 __dbk_fcall_wrapper+0x6de91 madTraceProcess-0xe47 driverupdater+0x6f9ad @ 0x46f9ad @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0x121a94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0x11119ba __dbk_fcall_wrapper+0x6dd77 madTraceProcess-0xf61 driverupdater+0x6f893 @ 0x46f893 __dbk_fcall_wrapper+0x6dddf madTraceProcess-0xef9 driverupdater+0x6f8fb @ 0x46f8fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 217053584 registers.edi: 64 registers.eax: 217053584 registers.ebp: 217053664 registers.edx: 0 registers.ebx: 138324800 registers.esi: 59779292 registers.ecx: 7	1
__exception__ July 3, 2024, 9:35 a.m.	stacktrace: madTraceProcess+0x8760c dbkFCallWrapperAddr-0x31720c driverupdater+0xf7e00 @ 0x4f7e00 madTraceProcess+0x8760c dbkFCallWrapperAddr-0x31720c driverupdater+0xf7e00 @ 0x4f7e00 madTraceProcess+0x87ad1 dbkFCallWrapperAddr-0x316d47 driverupdater+0xf82c5 @ 0x4f82c5 madTraceProcess+0x8778e dbkFCallWrapperAddr-0x31708a driverupdater+0xf7f82 @ 0x4f7f82 @Axrtl@System@Thread@TThread@Execute$qqrv+0x57 @Axrtl@System@Thread@TThread@CallOnTerminate$qqrv-0x95 axcomponentsrtl+0x1a717 @ 0xeba717 @Axrtl@System@Thread@TThread@TInternalThread@Execute$qqrv+0x6c @Axrtl@System@Thread@TThread@TInternalThread@TerminatedSet$qqrv-0x100 axcomponentsrtl+0x1b2a4 @ 0xebb2a4 __dbk_fcall_wrapper+0x6de91 madTraceProcess-0xe47 driverupdater+0x6f9ad @ 0x46f9ad @System@Classes@CheckSynchronize$qqri+0x28c @System@Classes@TThread@$bctr$qqrv-0x70 rtl250+0x11a94c @ 0x121a94c @System@@Assert$qqrx20System@UnicodeStringt1i+0x66 @System@BeginThread$qqrpvuipqqrpv$it1uirui-0xe rtl250+0x119ba @ 0x11119ba __dbk_fcall_wrapper+0x6dd77 madTraceProcess-0xf61 driverupdater+0x6f893 @ 0x46f893 __dbk_fcall_wrapper+0x6dddf madTraceProcess-0xef9 driverupdater+0x6f8fb @ 0x46f8fb BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x74e833ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x774a9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x774a9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7588b727 registers.esp: 105970888 registers.edi: 0 registers.eax: 105970888 registers.ebp: 105970968 registers.edx: 0 registers.ebx: 60605968 registers.esi: 60363584 registers.ecx: 7	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

POST method with no referer header, POST method with no useragent header

suspicious_request

POST https://www.google-analytics.com/mp/collect?measurement_id=G-SEW4YMR3XJ&api_secret=Bwp8gLa9SqG7iUYK8RMmcg

Performs some HTTP requests (1 event)

request

POST https://www.google-analytics.com/mp/collect?measurement_id=G-SEW4YMR3XJ&api_secret=Bwp8gLa9SqG7iUYK8RMmcg

Sends data using the HTTP POST Method (1 event)

request

POST https://www.google-analytics.com/mp/collect?measurement_id=G-SEW4YMR3XJ&api_secret=Bwp8gLa9SqG7iUYK8RMmcg

Allocates read-write-execute memory (usually to unpack itself) (50 out of 383 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 3060 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x742e2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00860000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x014f0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x50000000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x50c01000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x50c01000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b0c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b10000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bda000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b0c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b0c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b0c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x742e2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00506000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x010c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x50d12000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73b71000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73be1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73dd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ea1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ee1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74091000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74141000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74371000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74420000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74d60000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74db1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74fc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75181000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75281000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x753a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75571000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75730000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75821000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (7 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceExW July 3, 2024, 9:30 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 9050370048 root_path: C:\Users\test22\AppData\Roaming\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW July 3, 2024, 9:26 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 8972595200 root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer total_number_of_bytes: 0	1	1
GetDiskFreeSpaceExW July 3, 2024, 9:33 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 8976285696 root_path: C:\Users\test22\AppData\Roaming\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW July 3, 2024, 9:34 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 8960380928 root_path: C:\Users\test22\AppData\Roaming\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW July 3, 2024, 9:34 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 8604807168 root_path: C:\Users\test22\AppData\Roaming\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW July 3, 2024, 9:34 a.m.	total_number_of_free_bytes: 8652234752 free_bytes_available: 8652234752 root_path: C: total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW July 3, 2024, 9:34 a.m.	total_number_of_free_bytes: 8517079040 free_bytes_available: 8517079040 root_path: C: total_number_of_bytes: 34252779520	1	1

Steals private information from local Internet browsers (4 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History
file	C:\Users\test22\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Creates executable files on the filesystem (15 events)

file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\CommonForms.Site.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\BrowserHelper.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\GoogleAnalyticsHelper.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\Downloader.exe
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\__setup\islzma.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\GoogleAnalyticsHelperIV.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\Localizer.dll
file	C:\Users\test22\Desktop\Driver Updater.lnk
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\CFAHelper.dll
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte\Driver Updater\Outbyte Driver Updater Uninstall.lnk
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\SetupHelper.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\InstallerUtils.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\Installer.exe
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\DriverUpdater.exe
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte\Driver Updater\Outbyte Driver Updater.lnk

Creates a service (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW July 3, 2024, 9:33 a.m.	service_start_name: start_type: 2 password: display_name: Outbyte DU Helper filepath: C:\Windows\System32\"C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe" service_name: OutbyteDUHelper filepath_r: "C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe" desired_access: 983551 service_handle: 0x0096d8c8 error_control: 1 service_type: 16 service_manager_handle: 0x0096d850	1	9885896	0

Creates a shortcut to an executable file (4 events)

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte\Driver Updater\Outbyte Driver Updater.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outbyte\Driver Updater\Outbyte Driver Updater Uninstall.lnk
file	C:\Users\test22\Desktop\Driver Updater.lnk

Drops an executable to the user AppData folder (19 events)

file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\CFAHelper.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\GoogleAnalyticsHelperIV.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\__setup\islzma.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\vclie250.bpl
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\Installer.exe
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\CommonForms.Site.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\Downloader.exe
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\SetupHelper.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\vcl250.bpl
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\Localizer.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\GoogleAnalyticsHelper.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\vclimg250.bpl
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\AxComponentsVCL.bpl
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\InstallerUtils.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\rtl250.bpl
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\OxComponentsRTL.bpl
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\AxComponentsRTL.bpl
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\BrowserHelper.dll
file	C:\Users\test22\AppData\Local\Temp\is-27611082.tmp\DriverUpdater.exe

Executes one or more WMI queries (4 events)

wmi	select * from Win32_PnPEntity where (ClassGuid = "{5175d334-c371-4806-b3ba-71fd53c9258d}")
wmi	SELECT Name, Description, DeviceID, Manufacturer, Family, Level, Stepping, Version, Revision, SocketDesignation, OtherFamilyDescription, ProcessorType, NumberOfCores, NumberOfLogicalProcessors, Architecture, AddressWidth, DataWidth, MaxClockSpeed, VoltageCaps, ProcessorId, UniqueId, Role, CurrentClockSpeed, ExtClock, CurrentVoltage, CpuStatus, Status FROM Win32_Processor
wmi	select ChassisTypes from Win32_SystemEnclosure
wmi	select Model, PNPDeviceID, InterfaceType from Win32_DiskDrive where Index = 0

File has been identified by 4 AntiVirus engines on VirusTotal as malicious (4 events)

ESET-NOD32	a variant of Generik.IXKVLWK potentially unwanted
DrWeb	Program.Unwanted.5457
Malwarebytes	PUP.Optional.Outbyte
CrowdStrike	win/grayware_confidence_90% (D)

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 3, 2024, 9:30 a.m.	process_identifier: 1188 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x07481000 process_handle: 0xffffffff	1	0	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (40 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 3, 2024, 9:34 a.m.	system_name: privilege_name: SeAssignPrimaryTokenPrivilege	1	1

Queries for potentially installed applications (26 events)

Time & API	Arguments	Status	Return
RegOpenKeyExW July 3, 2024, 9:30 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1		2
RegOpenKeyExW July 3, 2024, 9:30 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\B38B494B-46F8-4765-8D92-31B8F10D8FD3_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\B38B494B-46F8-4765-8D92-31B8F10D8FD3_is1		2
RegOpenKeyExW July 3, 2024, 9:30 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000101 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1		2
RegOpenKeyExW July 3, 2024, 9:30 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\B38B494B-46F8-4765-8D92-31B8F10D8FD3_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000101 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\B38B494B-46F8-4765-8D92-31B8F10D8FD3_is1		2
RegOpenKeyExW July 3, 2024, 9:30 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1		2
RegOpenKeyExW July 3, 2024, 9:30 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\B38B494B-46F8-4765-8D92-31B8F10D8FD3_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\B38B494B-46F8-4765-8D92-31B8F10D8FD3_is1		2
RegOpenKeyExW July 3, 2024, 9:30 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000101 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1		2
RegOpenKeyExW July 3, 2024, 9:30 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\B38B494B-46F8-4765-8D92-31B8F10D8FD3_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000101 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\B38B494B-46F8-4765-8D92-31B8F10D8FD3_is1		2
RegOpenKeyExW July 3, 2024, 9:31 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1		2
RegOpenKeyExW July 3, 2024, 9:31 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000008 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_is1		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020009 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ base_handle: 0x80000002 key_handle: 0x00000968 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\	1	0
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020009 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1\ base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020109 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1\		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1\ base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020009 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Skype_is1\		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020009 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ base_handle: 0x80000002 key_handle: 0x00000c34 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\	1	0
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00020009 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser		2
RegOpenKeyExW July 3, 2024, 9:34 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser		2

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

sc start OutbyteDUHelper

Executes one or more WMI queries which can be used to identify virtual machines (2 events)

wmi	SELECT Name, Description, DeviceID, Manufacturer, Family, Level, Stepping, Version, Revision, SocketDesignation, OtherFamilyDescription, ProcessorType, NumberOfCores, NumberOfLogicalProcessors, Architecture, AddressWidth, DataWidth, MaxClockSpeed, VoltageCaps, ProcessorId, UniqueId, Role, CurrentClockSpeed, ExtClock, CurrentVoltage, CpuStatus, Status FROM Win32_Processor
wmi	select Model, PNPDeviceID, InterfaceType from Win32_DiskDrive where Index = 0

Checks the version of Bios, possibly for anti-virtualization (1 event)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion

Installs itself for autorun at Windows startup (1 event)

service_name

OutbyteDUHelper

service_path

C:\Windows\System32\"C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe"

Queries information on disks, possibly for anti-virtualization (4 events)

Time & API	Arguments	Status	Return
NtCreateFile July 3, 2024, 9:34 a.m.	create_disposition: 1 (FILE_OPEN) file_handle: 0x00000ce4 filepath: \??\PhysicalDrive0 desired_access: 0xc0100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_WRITE) file_attributes: 0 () filepath_r: \??\PhysicalDrive0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 1 (FILE_OPENED) share_access: 3 (FILE_SHARE_READ\|FILE_SHARE_WRITE)	1	0
NtCreateFile July 3, 2024, 9:34 a.m.	create_disposition: 1 (FILE_OPEN) file_handle: 0x00000cfc filepath: \??\PhysicalDrive0 desired_access: 0xc0100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_WRITE) file_attributes: 0 () filepath_r: \??\PhysicalDrive0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 1 (FILE_OPENED) share_access: 3 (FILE_SHARE_READ\|FILE_SHARE_WRITE)	1	0
NtCreateFile July 3, 2024, 9:34 a.m.	create_disposition: 1 (FILE_OPEN) file_handle: 0x00000ce4 filepath: \??\PhysicalDrive0 desired_access: 0xc0100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_WRITE) file_attributes: 0 () filepath_r: \??\PhysicalDrive0 create_options: 96 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 1 (FILE_OPENED) share_access: 3 (FILE_SHARE_READ\|FILE_SHARE_WRITE)	1	0
DeviceIoControl July 3, 2024, 9:34 a.m.	input_buffer: control_code: 2954240 () device_handle: 0x00000ce4 output_buffer:	1	1

Attempts to create or modify system certificates (5 events)

registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431\Blob
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\92C1588E85AF2201CE7915E8538B492F605B80C6\Blob
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3\Blob
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4\Blob

Zeus P2P (Banking Trojan) (11 events)

mutex	8D622ABC-7F4F-49CF-A95A-86F8A21753BA_local_outbyte_driver updater_driverupdater
mutex	INSTALLER_8D622ABC-7F4F-49CF-A95A-86F8A21753BA_local_outbyte_driver updater_installer
mutex	INSTALLER_8D622ABC-7F4F-49CF-A95A-86F8A21753BA_global_outbyte_driver updater
mutex	{08586C4E-62C4-4a4e-8271-C2A20530AF62}_M_S-1-5-21-3832866432-4053218753-3017428901-1001
mutex	{B38B494B-46F8-4765-8D92-31B8F10D8FD3}_SETUP
mutex	{C48CB245-2929-4724-9EEC-3BCCB48C78DE}-{42EDCAAA-67F6-42D0-A9C3-4291C4042352}-Protection
mutex	Global\PML_Factory{440657CF-E3B8-421C-997A-4C9C9D9D4A42}_Mutex_4
mutex	Global\PML_Factory{1337A543-0E3F-4433-9C4D-CC6DAEE73E90}_Mutex_4
mutex	8D622ABC-7F4F-49CF-A95A-86F8A21753BA_global_outbyte_driver updater
udp	{u'src': u'192.168.56.102', u'dst': u'239.255.255.250', u'offset': 6615284, u'time': 5.470577001571655, u'dport': 3702, u'sport': 49152}
udp	{u'src': u'192.168.56.102', u'dst': u'239.255.255.250', u'offset': 6623660, u'time': 61.76822090148926, u'dport': 1900, u'sport': 62849}

outbyte-driver-updater.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All