Bugreport

Uploaded by

equationxsss

date/time : 2024-10-20, 17:36:40, 52ms

computer name : DESKTOP-I132E3N


user name : ADMIN
registered owner : ADMIN
operating system : Windows 10 x64 build 19045
system language : Italian
system up time : 4 days 18 hours
program up time : 569 milliseconds
processors : 8x Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
physical memory : 6436/16267 MB (free/total)
free disk space : (C:) 66,72 GB
display mode : 1680x1050, 32 bit
process id : $4488
allocated memory : 44,94 MB
largest free block : 1,47 GB
executable : Supremo.exe
exec. date/time : 2024-03-31 06:37
version : 4.11.0.2489
compiled with : Delphi 12
madExcept version : 5.1.4
callstack crc : $f60c5503, $c3cdbca8, $c3cdbca8
exception number : 1
exception class : EFCreateError
exception message : Cannot create file "C:\Users\ADMIN\AppData\Local\Temp\SupremoRemoteDesktop\libssl-1_1.dll". Impossibile accedere al file. Il file è utilizzato da un altro processo.

main thread ($5370):


004dc3c3 +0bf Supremo.exe System.Classes TFileStream.Create
004dc2e0 +020 Supremo.exe System.Classes TFileStream.Create
00b258fd +03d Supremo.exe Nanosystems.SysUtils TnsUtils.ExtractResource
016f2b1e +06e Supremo.exe Nanosystems.OpenSSL InitializeLibSsl
01702ad8 +288 Supremo.exe App.Status BeforeInitialization
7696fcc7 +017 KERNEL32.DLL BaseThreadInitThunk

thread $4a60:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $1adc:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $10e0:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $3774:
75ffcac7 +47 USER32.dll MsgWaitForMultipleObjectsEx
75ffca6a +1a USER32.dll MsgWaitForMultipleObjects
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $4138 (TLoggerThread):


77b9a7cd +0fd KERNELBASE.dll WaitForMultipleObjectsEx
004ed4c0 +018 Supremo.exe System.Classes TThread.Create
769711d1 +021 KERNEL32.DLL CreateThread
0040b516 +05a Supremo.exe System BeginThread
004ed5d1 +08d Supremo.exe System.Classes TThread.Create
00409d49 +01d Supremo.exe System @AfterConstruction
0040f01c +204 Supremo.exe System DynArraySetLength
00467176 +056 Supremo.exe System.SyncObjs THandleObject.WaitFor
00a3ad5d +031 Supremo.exe LoggerPro {ThreadSafeQueueU}TThreadSafeQueue<LoggerPro.TLogItem>.Dequeue
00a3a03b +047 Supremo.exe LoggerPro TLoggerThread.Execute
00a3a1fe +20a Supremo.exe LoggerPro TLoggerThread.Execute
00a3a21d +229 Supremo.exe LoggerPro TLoggerThread.Execute
009f527f +02b Supremo.exe madExcept HookedTThreadExecute
009f52ea +096 Supremo.exe madExcept HookedTThreadExecute
004ed3f9 +049 Supremo.exe System.Classes ThreadProc
004ed45c +0ac Supremo.exe System.Classes ThreadProc
0040b4ac +028 Supremo.exe System ThreadWrapper
009f5165 +00d Supremo.exe madExcept CallThreadProcSafe
009f51ca +032 Supremo.exe madExcept ThreadExceptFrame
009f5240 +0a8 Supremo.exe madExcept ThreadExceptFrame
7696fcc7 +017 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($5370) at:
004ed4c0 +018 Supremo.exe System.Classes TThread.Create

thread $3020 (TAppenderThread):


77b9a7cd +0fd KERNELBASE.dll WaitForMultipleObjectsEx
00467176 +056 Supremo.exe System.SyncObjs THandleObject.WaitFor
00a3ad5d +031 Supremo.exe LoggerPro {ThreadSafeQueueU}TThreadSafeQueue<LoggerPro.TLogItem>.Dequeue
00a3ad22 +012 Supremo.exe LoggerPro {ThreadSafeQueueU}TThreadSafeQueue<LoggerPro.TLogItem>.Dequeue
00a3aabf +1ab Supremo.exe LoggerPro TAppenderThread.Execute
00a3abbf +2ab Supremo.exe LoggerPro TAppenderThread.Execute
009f527f +02b Supremo.exe madExcept HookedTThreadExecute
009f52ea +096 Supremo.exe madExcept HookedTThreadExecute
004ed3f9 +049 Supremo.exe System.Classes ThreadProc
004ed45c +0ac Supremo.exe System.Classes ThreadProc
0040b4ac +028 Supremo.exe System ThreadWrapper
009f5165 +00d Supremo.exe madExcept CallThreadProcSafe
009f51ca +032 Supremo.exe madExcept ThreadExceptFrame
009f5240 +0a8 Supremo.exe madExcept ThreadExceptFrame
7696fcc7 +017 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $4138 (TLoggerThread) at:
004ed4c0 +018 Supremo.exe System.Classes TThread.Create

thread $2fcc:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $4c3c:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $3dd4:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

modules:
00400000 Supremo.exe 4.11.0.2489 C:\Users\ADMIN\Downloads
67ce0000 mpr.dll 10.0.19041.3636 C:\Windows\SYSTEM32
69b60000 wininet.dll 11.0.19041.4717 C:\Windows\SYSTEM32
6bac0000 libcrypto-1_1.dll 1.1.1.7 C:\Users\ADMIN\AppData\Local\Temp\SupremoRemoteDesktop
6bd10000 FaultRep.dll 10.0.19041.4355 C:\Windows\SYSTEM32
6df70000 wintypes.dll 10.0.19041.4717 C:\Windows\SYSTEM32
6e050000 CoreUIComponents.dll 10.0.19041.3636 C:\Windows\SYSTEM32
6e2d0000 textinputframework.dll 10.0.19041.4651 C:\Windows\SYSTEM32
6e3e0000 SHFolder.dll 10.0.19041.1 C:\Windows\SYSTEM32
6e560000 propsys.dll 7.0.19041.4355 C:\Windows\system32
6e800000 apphelp.dll 10.0.19041.4957 C:\Windows\SYSTEM32
6e8b0000 d3d9.dll 10.0.19041.4957 C:\Windows\SYSTEM32
6eb90000 winhttp.dll 10.0.19041.4717 C:\Windows\SYSTEM32
6ed20000 CoreMessaging.dll 10.0.19041.4474 C:\Windows\SYSTEM32
6edc0000 TextShaping.dll C:\Windows\SYSTEM32
6eed0000 dwmapi.dll 10.0.19041.4355 C:\Windows\SYSTEM32
6f660000 SspiCli.dll 10.0.19041.4239 C:\Windows\SYSTEM32
6f7e0000 gdiplus.dll 10.0.19041.4597 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.4597_none_d954b6f7e1016a2a
704d0000 Fwpuclnt.dll 10.0.19041.4123 C:\Windows\SYSTEM32
71f70000 dbgcore.DLL 10.0.19041.4355 C:\Windows\SYSTEM32
71fa0000 iphlpapi.dll 10.0.19041.3636 C:\Windows\SYSTEM32
72f20000 NETUTILS.DLL 10.0.19041.3636 C:\Windows\SYSTEM32
72f30000 WKSCLI.DLL 10.0.19041.3636 C:\Windows\SYSTEM32
72f80000 netapi32.dll 10.0.19041.3636 C:\Windows\SYSTEM32
744f0000 ntmarta.dll 10.0.19041.3636 C:\Windows\SYSTEM32
74520000 profapi.dll 10.0.19041.4355 C:\Windows\SYSTEM32
74540000 Wldp.dll 10.0.19041.4780 C:\Windows\SYSTEM32
74650000 windows.storage.dll 10.0.19041.4957 C:\Windows\SYSTEM32
75430000 kernel.appcore.dll 10.0.19041.3758 C:\Windows\SYSTEM32
75460000 wsock32.dll 10.0.19041.1 C:\Windows\SYSTEM32
75470000 version.dll 10.0.19041.3636 C:\Windows\SYSTEM32
75510000 winmm.dll 10.0.19041.3636 C:\Windows\SYSTEM32
75540000 uxtheme.dll 10.0.19041.5007 C:\Windows\system32
75640000 winsta.dll 10.0.19041.3636 C:\Windows\SYSTEM32
75690000 comctl32.dll 6.10.19041.4355 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c
758a0000 userenv.dll 10.0.19041.4355 C:\Windows\SYSTEM32
758d0000 WTSAPI32.DLL 10.0.19041.3636 C:\Windows\SYSTEM32
75900000 winspool.drv 10.0.19041.4597 C:\Windows\SYSTEM32
75980000 dbghelp.dll 10.0.19041.3996 C:\Windows\SYSTEM32
75b70000 msvcp_win.dll 10.0.19041.3636 C:\Windows\System32
75bf0000 gdi32full.dll 10.0.19041.5007 C:\Windows\System32
75ce0000 comdlg32.dll 10.0.19041.4355 C:\Windows\System32
75d90000 msvcrt.dll 7.0.19041.3636 C:\Windows\System32
75ee0000 bcrypt.dll 10.0.19041.3636 C:\Windows\System32
75f00000 RPCRT4.dll 10.0.19041.4957 C:\Windows\System32
75fc0000 USER32.dll 10.0.19041.5007 C:\Windows\System32
76160000 IMM32.DLL 10.0.19041.4474 C:\Windows\System32
76190000 bcryptPrimitives.dll 10.0.19041.5007 C:\Windows\System32
761f0000 CFGMGR32.dll 10.0.19041.3996 C:\Windows\System32
76230000 WS2_32.dll 10.0.19041.3636 C:\Windows\System32
762a0000 ole32.dll 10.0.19041.4355 C:\Windows\System32
76390000 advapi32.dll 10.0.19041.5011 C:\Windows\System32
76410000 ucrtbase.dll 10.0.19041.3636 C:\Windows\System32
76530000 combase.dll 10.0.19041.4894 C:\Windows\System32
768b0000 oleaut32.dll 10.0.19041.3636 C:\Windows\System32
76950000 KERNEL32.DLL 10.0.19041.4957 C:\Windows\System32
76e80000 Msctf.dll 10.0.19041.5007 C:\Windows\System32
76f60000 sechost.dll 10.0.19041.4597 C:\Windows\System32
76fe0000 SHLWAPI.dll 10.0.19041.4355 C:\Windows\System32
77090000 SHELL32.dll 10.0.19041.4957 C:\Windows\System32
77670000 win32u.dll 10.0.19041.5007 C:\Windows\System32
778f0000 shcore.dll 10.0.19041.4522 C:\Windows\System32
779f0000 clbcatq.dll 2001.12.10941.16384 C:\Windows\System32
77a70000 KERNELBASE.dll 10.0.19041.5007 C:\Windows\System32
77cb0000 GDI32.dll 10.0.19041.4474 C:\Windows\System32
77cf0000 ntdll.dll 10.0.19041.5007 C:\Windows\SYSTEM32
processes:
0000 Idle 0 0 0
0004 System 0 0 0
007c Registry 0 0 0
0208 smss.exe 0 0 0
0350 csrss.exe 0 0 0
0324 wininit.exe 0 0 0
036c csrss.exe 1 0 0
03e8 winlogon.exe 1 0 0
03fc services.exe 0 0 0
03a0 lsass.exe 0 0 0
0464 svchost.exe 0 0 0
0484 fontdrvhost.exe 0 0 0
0488 fontdrvhost.exe 1 0 0
04bc WUDFHost.exe 0 0 0
0510 svchost.exe 0 0 0
0548 svchost.exe 0 0 0
05ec svchost.exe 0 0 0
05f4 svchost.exe 0 0 0
0618 dwm.exe 1 0 0
0638 svchost.exe 0 0 0
0684 svchost.exe 0 0 0
06f8 svchost.exe 0 0 0
0720 svchost.exe 0 0 0
0794 svchost.exe 0 0 0
07b0 svchost.exe 0 0 0
07cc svchost.exe 0 0 0
06d8 svchost.exe 0 0 0
083c SynTPEnhService.exe 0 0 0
0888 svchost.exe 0 0 0
08c0 svchost.exe 0 0 0
0904 VeraCrypt.exe 0 0 0
090c svchost.exe 0 0 0
0988 svchost.exe 0 0 0
09dc svchost.exe 0 0 0
09d8 svchost.exe 0 0 0
09e8 svchost.exe 0 0 0
0aa0 svchost.exe 0 0 0
0ab4 Memory Compression 0 0 0
0af4 igfxCUIService.exe 0 0 0
0b3c svchost.exe 0 0 0
0b44 svchost.exe 0 0 0
0b88 TouchpointAnalyticsClientService.exe 0 0 0
0b90 SysInfoCap.exe 0 0 0
0b98 AppHelperCap.exe 0 0 0
0ba0 DiagsCap.exe 0 0 0
0ba8 NetworkCap.exe 0 0 0
08cc svchost.exe 0 0 0
0c3c svchost.exe 0 0 0
0e20 WmiPrvSE.exe 0 0 0
0e60 svchost.exe 0 0 0
0e80 svchost.exe 0 0 0
0eec svchost.exe 0 0 0
0ef4 svchost.exe 0 0 0
0f60 svchost.exe 0 0 0
0f9c svchost.exe 0 0 0
0fec spoolsv.exe 0 0 0
0a74 svchost.exe 0 0 0
06e0 svchost.exe 0 0 0
0e9c svchost.exe 0 0 0
10f4 svchost.exe 0 0 0
10fc svchost.exe 0 0 0
1104 svchost.exe 0 0 0
1118 svchost.exe 0 0 0
1120 svchost.exe 0 0 0
1130 svchost.exe 0 0 0
1138 svchost.exe 0 0 0
1148 svchost.exe 0 0 0
11c4 svchost.exe 0 0 0
11d8 svchost.exe 0 0 0
11e0 pia-service.exe 0 0 0
11e8 FMService64.exe 0 0 0
1200 XtuService.exe 0 0 0
1214 fuj02e3-utility.exe 0 0 0
1248 MpDefenderCoreService.exe 0 0 0
1258 MsMpEng.exe 0 0 0
1260 HotKeyServiceUWP.exe 0 0 0
1268 ijplmsvc.exe 0 0 0
1270 RtkAudUService64.exe 0 0 0
1298 armsvc.exe 0 0 0
12a0 qcmtusvc.exe 0 0 0
1314 MBAMService.exe 0 0 0
1330 svchost.exe 0 0 0
13b4 TeamViewer_Service.exe 0 0 0
11f0 svchost.exe 0 0 0
146c svchost.exe 0 0 0
1590 LanWlanWwanSwitchingServiceUWP.exe 0 0 0
1a6c svchost.exe 0 0 0
1ba4 SearchIndexer.exe 0 0 0
1840 dllhost.exe 0 0 0
039c AggregatorHost.exe 0 0 0
09cc svchost.exe 0 0 0
1e84 svchost.exe 0 0 0
1ef0 svchost.exe 0 0 0
1fb0 NisSrv.exe 0 0 0
1a24 svchost.exe 0 0 0
1c10 svchost.exe 0 0 0
1ffc svchost.exe 0 0 0
2244 svchost.exe 0 0 0
2038 Malwarebytes.exe 1 32 35 normal C:\Program Files\
Malwarebytes\Anti-Malware
23f0 sihost.exe 1 41 18 normal C:\Windows\
System32
202c svchost.exe 1 0 1 normal C:\Windows\
System32
20a0 svchost.exe 1 4 4 normal C:\Windows\
System32
2118 taskhostw.exe 1 10 6 normal C:\Windows\
System32
211c PowerMgr.exe 1 23 7 below normal C:\Windows\
SysWOW64\Lenovo\PowerMgr
0a04 svchost.exe 0 0 0
0cc8 svchost.exe 0 0 0
21f4 igfxEM.exe 1 10 14 normal C:\Windows\
System32
14e4 igfxHK.exe 1 10 13 normal C:\Windows\
System32
0df8 ctfmon.exe 1 0 0
1ad4 svchost.exe 0 0 0
20f8 explorer.exe 1 2193 883 normal C:\Windows
26b0 svchost.exe 0 0 0
26a8 updatechecker.exe 1 0 0
26b8 BraveCrashHandler.exe 0 0 0
2708 BraveCrashHandler64.exe 0 0 0
20c4 SynTPEnh.exe 1 60 32 above normal C:\Windows\
System32
26cc svchost.exe 1 0 10 normal C:\Windows\
System32
20f0 StartMenuExperienceHost.exe 1 1 15 normal C:\Windows\
SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy
06c4 SearchApp.exe 1 1 29 normal C:\Windows\
SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy
0f0c RuntimeBroker.exe 1 41 2 normal C:\Windows\
System32
23c8 RuntimeBroker.exe 1 58 47 normal C:\Windows\
System32
1220 svchost.exe 0 0 0
1384 SearchApp.exe 1 33 102 normal C:\Windows\
SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy
2ac4 RuntimeBroker.exe 1 4 5 normal C:\Windows\
System32
1c90 TextInputHost.exe 1 0 23 normal C:\Windows\
SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy
2580 RtkAudUService64.exe 1 15 5 normal C:\Windows\
System32\DriverStore\FileRepository\realtekservice.inf_amd64_aab086749a1a9302
25b0 RAVCpl64.exe 1 70 18 normal C:\Program Files\
Realtek\Audio\HDA
25a8 SystemSettings.exe 1 18 39 normal C:\Windows\
ImmersiveControlPanel
253c ApplicationFrameHost.exe 1 90 69 normal C:\Windows\
System32
1a34 VeraCrypt.exe 1 48 50 normal C:\Program Files\
VeraCrypt
16e0 UserOOBEBroker.exe 1 0 1 normal C:\Windows\
System32\oobe
2bac HPDisplayCenter.exe 1 10 19 normal C:\Program Files
(x86)\HP\HP Display Center
24a0 pia-client.exe 1 217 113 normal C:\Program Files\
Private Internet Access
2bb8 svchost.exe 0 0 0
2e54 ShellExperienceHost.exe 1 20 76 normal C:\Windows\
SystemApps\ShellExperienceHost_cw5n1h2txyewy
2ebc RuntimeBroker.exe 1 40 6 normal C:\Windows\
System32
2b38 CalculatorApp.exe 1 0 13 normal C:\Program Files\
WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe
2e3c RuntimeBroker.exe 1 0 4 normal C:\Windows\
System32
0750 WhatsApp.exe 1 0 8 normal C:\Program Files\
WindowsApps\5319275A.WhatsAppDesktop_2.2440.9.0_x64__cv1g1gvanyjgm
2a08 RuntimeBroker.exe 1 0 1 normal C:\Windows\
System32
1514 jhi_service.exe 0 0 0
2cd4 LMS.exe 0 0 0
2ee4 SgrmBroker.exe 0 0 0
0f70 svchost.exe 0 0 0
0e54 svchost.exe 0 0 0
2c70 svchost.exe 1 0 1 normal C:\Windows\
System32
1bb4 dllhost.exe 1 0 3 normal C:\Windows\
System32
27b0 igfxext.exe 1 0 2 normal C:\Windows\
System32
0e50 SecurityHealthService.exe 0 0 0
201c PrivacyIconClient.exe 1 87 62 normal C:\Program Files
(x86)\Intel\Intel(R) Management Engine Components\IMSS
1658 cmd.exe 1 0 0 below normal C:\Windows\
System32
03c4 conhost.exe 1 10 3 below normal C:\Windows\
System32
0830 LSB.exe 1 0 5 below normal C:\Users\ADMIN\
AppData\Local\Programs\Lenovo\Lenovo Service Bridge
262c svchost.exe 0 0 0
23c0 chrome.exe 1 97 117 normal C:\Program Files\
Google\Chrome\Application
1988 chrome.exe 1 2 4 normal C:\Program Files\
Google\Chrome\Application
12e8 chrome.exe 1 12 15 above normal C:\Program Files\
Google\Chrome\Application
180c chrome.exe 1 0 3 normal C:\Program Files\
Google\Chrome\Application
2008 chrome.exe 1 0 0 normal C:\Program Files\
Google\Chrome\Application
2c60 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
29c0 chrome.exe 1 0 0 normal C:\Program Files\
Google\Chrome\Application
0dd0 brave.exe 1 86 85 normal C:\Program Files\
BraveSoftware\Brave-Browser\Application
2794 brave.exe 1 2 3 normal C:\Program Files\
BraveSoftware\Brave-Browser\Application
076c brave.exe 1 10 16 above normal C:\Program Files\
BraveSoftware\Brave-Browser\Application
14bc brave.exe 1 0 3 normal C:\Program Files\
BraveSoftware\Brave-Browser\Application
2204 brave.exe 1 0 0 normal C:\Program Files\
BraveSoftware\Brave-Browser\Application
1508 brave.exe 1 0 0 normal C:\Program Files\
BraveSoftware\Brave-Browser\Application
2b30 brave.exe 1 0 0 normal C:\Program Files\
BraveSoftware\Brave-Browser\Application
0778 brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
1a9c brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
0658 CompPkgSrv.exe 1 0 1 normal C:\Windows\
System32
2c80 brave.exe 1 0 1 normal C:\Program Files\
BraveSoftware\Brave-Browser\Application
2ed0 svchost.exe 0 0 0
2d44 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
0f94 chrome.exe 1 0 1 normal C:\Program Files\
Google\Chrome\Application
0650 chrome.exe 1 0 1 normal C:\Program Files\
Google\Chrome\Application
2428 BridgeCommunication.exe 1 2 4 normal C:\Windows\
System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64
0670 acrotray.exe 1 45 13 normal C:\Program Files
(x86)\Adobe\Acrobat DC\Acrobat
3440 microsip.exe 1 426 212 normal C:\Users\ADMIN\
Downloads\MicroSIP-3.21.2
3238 PC-NVR.exe 1 0 0
1e58 Challenge.exe 1 0 0
1854 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
3a94 LockApp.exe 1 6 20 normal C:\Windows\
SystemApps\Microsoft.LockApp_cw5n1h2txyewy
2374 RuntimeBroker.exe 1 0 4 normal C:\Windows\
System32
0cc0 svchost.exe 0 0 0
33b8 OfficeClickToRun.exe 0 0 0
36a0 AppVShNotify.exe 1 0 1 normal C:\Program Files\
Common Files\microsoft shared\ClickToRun
39b8 SDXHelper.exe 1 0 14 idle C:\Program Files\
Microsoft Office\root\Office16
4704 Telegram.exe 1 288 146 normal C:\Users\ADMIN\
Desktop\tportable-x64.3.7.3\Telegram
43c4 CalculatorApp.exe 1 6 21 normal C:\Program Files\
WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe
1c6c CalculatorApp.exe 1 6 20 normal C:\Program Files\
WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe
2488 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
41ec Skype.exe 1 94 72 normal C:\Program Files\
WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
0fd4 Skype.exe 1 0 4 normal C:\Program Files\
WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
1b78 Skype.exe 1 0 1 normal C:\Program Files\
WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
1d2c Skype.exe 1 0 19 normal C:\Program Files\
WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
3594 dllhost.exe 1 1 6 normal C:\Windows\
System32
42b8 Skype.exe 1 4 2 above normal C:\Program Files\
WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
4364 RuntimeBroker.exe 1 0 1 normal C:\Windows\
System32
35d8 Skype.exe 1 0 1 normal C:\Program Files\
WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
3958 AnyDesk.exe 1 836 269 normal C:\Users\ADMIN\
Music
3868 AnyDesk.exe 1 0 9 high C:\Users\ADMIN\
Music
3870 AnyDesk.exe 1 171 17 normal C:\Users\ADMIN\
Music
49d8 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
491c chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
3b1c HPAudioAnalytics.exe 0 0 0
3dcc svchost.exe 0 0 0
4d3c taskhostw.exe 1 0 2 normal C:\Windows\
System32
415c svchost.exe 0 0 0
3a2c svchost.exe 0 0 0
4df8 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
4654 brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
3350 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
52b8 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
4948 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
3a68 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
4e30 svchost.exe 1 0 1 normal C:\Windows\
System32
50fc taskhostw.exe 1 0 0
1b80 svchost.exe 0 0 0
1920 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
4234 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
3b8c chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
2eec chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
13b0 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
49e4 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
4bbc pia-wgservice.exe 0 0 0
2058 MoUsoCoreWorker.exe 0 0 0
5160 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
4e54 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
4fd0 msedge.exe 1 3 44 normal C:\Program Files
(x86)\Microsoft\Edge\Application
3444 msedge.exe 1 0 3 normal C:\Program Files
(x86)\Microsoft\Edge\Application
3cf4 msedge.exe 1 1 6 above normal C:\Program Files
(x86)\Microsoft\Edge\Application
4cc4 msedge.exe 1 0 5 normal C:\Program Files
(x86)\Microsoft\Edge\Application
2fd8 msedge.exe 1 0 0 normal C:\Program Files
(x86)\Microsoft\Edge\Application
4064 msedge.exe 1 0 0 idle C:\Program Files
(x86)\Microsoft\Edge\Application
4c2c msedge.exe 1 0 0 idle C:\Program Files
(x86)\Microsoft\Edge\Application
3160 SnippingTool.exe 1 77 56 normal C:\Windows\
System32
11a0 CalculatorApp.exe 1 6 20 normal C:\Program Files\
WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe
2d4c chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
46c8 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
5280 brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
41f8 brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
481c chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
10e8 brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
51e4 brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
1648 brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
36ec brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
4d14 WUDFHost.exe 0 0 0
3860 svchost.exe 0 0 0
49ac rundll32.exe 1 0 2 normal C:\Windows\
System32
4474 SearchProtocolHost.exe 0 0 0
4aa0 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
34f0 brave.exe 1 0 0 idle C:\Program Files\
BraveSoftware\Brave-Browser\Application
2100 chrome.exe 1 0 0 idle C:\Program Files\
Google\Chrome\Application
1018 audiodg.exe 0 0 0
0e40 SmartPSS.exe 1 0 0
29dc DSMessageNotify.exe 1 0 0
4d4c svchost.exe 0 0 0
539c AnyDesk.exe 1 247 62 normal C:\Users\ADMIN\
Music
4dcc SearchFilterHost.exe 0 0 0
121c svchost.exe 0 0 0
3f80 Supremo.exe 1 60 56 normal C:\Users\ADMIN\
Downloads
53dc Supremo.exe 1 34 35 normal C:\Users\ADMIN\
Downloads
18e0 Supremo.exe 1 60 56 normal C:\Users\ADMIN\
Downloads
1890 Supremo.exe 1 49 47 normal C:\Users\ADMIN\
Downloads
4488 Supremo.exe 1 60 56 normal C:\Users\ADMIN\
Downloads
3c2c dllhost.exe 1 0 6 normal C:\Windows\
SysWOW64

hardware:
+ {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
- Coda di stampa radice
- Fax
- Microsoft Print to PDF
- Microsoft XPS Document Writer
- OneNote for Windows 10
+ {36fc9e60-c465-11cf-8056-444553540000}
- Controller host Intel(R) USB 3.0 eXtensible - 1.0 (Microsoft)
- Dispositivo USB composito
- Dispositivo USB composito
- Dispositivo USB composito
- Generic USB Hub
- Generic USB Hub
- Hub radice USB
- Hub radice USB
- Hub radice USB (USB 3.0)
- Intel(R) serie 8/serie C220 USB EHCI n.1 - 8C26
- Intel(R) serie 8/serie C220 USB EHCI n.2 - 8C2D
+ {4d36e966-e325-11ce-bfc1-08002be10318}
- PC ACPI basato su x64
+ {4d36e967-e325-11ce-bfc1-08002be10318}
- SAMSUNG MZ7LN256HCHP-000L7
+ {4d36e968-e325-11ce-bfc1-08002be10318}
- Intel(R) HD Graphics 4600 (driver 20.19.15.4549)
+ {4d36e96a-e325-11ce-bfc1-08002be10318}
- Intel(R) 8 Series/C220 Chipset Family SATA AHCI Controller (driver 14.8.16.1063)
+ {4d36e96b-e325-11ce-bfc1-08002be10318}
- Tastiera HID
- Tastiera HID
- Tastiera HID
- Tastiera HID
- Tastiera HID
+ {4d36e96c-e325-11ce-bfc1-08002be10318}
- Audio Intel(R) per schermi (driver 6.16.0.3208)
- Plantronics Blackwire 3225 Series
- Realtek High Definition Audio (driver 6.0.8924.1)
- Voicemod Virtual Audio Device (WDM) (driver 2022.6.1.0)
+ {4d36e96e-e325-11ce-bfc1-08002be10318}
- Monitor generico non Plug and Play
- Monitor generico Plug and Play
+ {4d36e96f-e325-11ce-bfc1-08002be10318}
- Mouse compatibile HID
+ {4d36e972-e325-11ce-bfc1-08002be10318}
- Intel(R) Ethernet Connection I217-LM #2 (driver 12.19.2.61)
- Microsoft Kernel Debug Network Adapter
- Private Internet Access Network Adapter (driver 9.24.2.601)
- WAN Miniport (IKEv2)
- WAN Miniport (IP)
- WAN Miniport (IPv6)
- WAN Miniport (L2TP)
- WAN Miniport (Network Monitor)
- WAN Miniport (PPPOE)
- WAN Miniport (PPTP)
- WAN Miniport (SSTP)
- WireGuard Tunnel (driver 0.10.0.0)
- WireGuard Tunnel (driver 0.8.0.0)
+ {4d36e978-e325-11ce-bfc1-08002be10318}
- Porta di comunicazione (COM1)
+ {4d36e97b-e325-11ce-bfc1-08002be10318}
- Controller spazi di archiviazione Microsoft
+ {4d36e97d-e325-11ce-bfc1-08002be10318}
- Archiviazione volumi
- Bus Redirector dispositivi Desktop remoto
- Complesso radice PCI Express
- Controller di accesso diretto alla memoria (DMA)
- Controller per High Definition Audio
- Controller per High Definition Audio
- Coprocessore matematico
- Dispositivo legacy
- Driver arbitraggio ricarica
- Driver BIOS Microsoft System Management
- Driver infrastruttura di virtualizzazione Hyper-V Microsoft
- Driver rendering base Microsoft
- Driver video base Microsoft
- Enumeratore bus composito
- Enumeratore bus radice UMBus
- Enumeratore di dispositivi software Plug and Play
- Enumeratore scheda di rete virtuale NDIS
- Enumeratore unità virtuale Microsoft
- Fujitsu FUJ02E3 Device Driver (driver 4.5.1.0)
- Intel(R) 8 Series/C220 Series Thermal - 8C24 (driver 10.1.2.80)
- Intel(R) Management Engine Interface (driver 11.7.0.1057)
- Intel(R) Q87 LPC Controller - 8C4E (driver 10.1.2.80)
- Intel(R) Xeon(R) processor E3 - 1200 v3/4th Gen Core processor DRAM Controller - 0C00 (driver 10.1.2.80)
- Orologio di sistema CMOS a tempo reale
- Programmable Interrupt Controller
- Pulsante alimentazione ACPI
- Pulsante caratteristica ACPI fissa
- Risorse scheda madre
- Risorse scheda madre
- Risorse scheda madre
- Risorse scheda madre
- Risorse scheda madre
- Sistema compatibile ACPI Microsoft
- Synaptics SMBus Driver (driver 19.0.17.142)
- Timer di sistema
- Timer eventi alta precisione
- Zona termica ACPI
- Zona termica ACPI
+ {50127dc3-0f36-415e-a6cc-4cb3be910b65}
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
+ {533c5b84-ec70-11d2-9505-00c04f79deaf}
- Copia shadow volume generico
- Copia shadow volume generico
+ {53d29ef7-377c-4d14-864b-eb3a85769359}
- Windows Hello Face Software Device (driver 10.0.19041.3636)
+ {5c4c3332-344d-483c-8739-259e934c9cc8}
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
+ {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
- Microsoft Passport Container Enumeration Bus
- Microsoft Radio Device Enumeration Bus
- Microsoft RRAS Root Enumerator
- Sintetizzatore Wavetable Microsoft GS
- Smart Card Device Enumeration Bus
+ {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
- Controller di sistema compatibile HID
- Controller di sistema compatibile HID
- Dispositivo compatibile HID definito da fornitore
- Dispositivo compatibile HID definito da fornitore
- Dispositivo compatibile HID definito da fornitore
- Dispositivo compatibile HID definito da fornitore
- Dispositivo compatibile HID definito da fornitore
- Dispositivo controllo consumi compatibile HID
- Dispositivo controllo consumi compatibile HID
- Dispositivo controllo consumi compatibile HID
- Dispositivo di input USB
- Dispositivo di input USB
- Dispositivo di input USB
- Dispositivo di input USB
- Dispositivo di input USB
- HID-compliant headset
+ {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
- Altoparlanti (2- Realtek High Definition Audio)
- Auricolare e microtelefono (Plantronics Blackwire 3225 Series)
- Cuffia auricolare con microfono (Plantronics Blackwire 3225 Series)
- SyncMaster (Audio Intel(R) per schermi)
+ {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
- Trusted Platform Module 1.2

cpu registers:
eax = 076246d0
ebx = 07662720
ecx = 00000000
edx = 03d02130
esi = 059c14dc
edi = 00000020
eip = 004dc3c8
esp = 0019fde0
ebp = 0019fe4c

stack dump:

disassembling:
[...]
004dc3af push 1
004dc3b1 mov ecx, [$1af7ad0]
004dc3b7 mov dl, 1
004dc3b9 mov eax, [$4a4034]
004dc3be call -$a41fb ($4381c8) ; System.SysUtils.Exception.CreateResFmt
004dc3c3 > call -$d1760 ($40ac68) ; System.@RaiseExcept
004dc3c8 jmp loc_4dc42f
004dc3ca movzx edx, di
004dc3cd mov eax, esi
004dc3cf call -$acd88 ($42f64c) ; System.SysUtils.FileOpen
004dc3d4 mov ecx, eax
[...]

date/time : 2024-10-20, 17:36:39, 847ms


computer name : DESKTOP-I132E3N
user name : ADMIN
registered owner : ADMIN
operating system : Windows 10 x64 build 19045
system language : Italian
system up time : 4 days 18 hours
program up time : 457 milliseconds
processors : 8x Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
physical memory : 6442/16267 MB (free/total)
free disk space : (C:) 66,72 GB
display mode : 1680x1050, 32 bit
process id : $18e0
allocated memory : 59,69 MB
largest free block : 1,46 GB
executable : Supremo.exe
exec. date/time : 2024-03-31 06:37
version : 4.11.0.2489
compiled with : Delphi 12
madExcept version : 5.1.4
callstack crc : $9cc95df2, $18ba6b29, $18ba6b29
exception number : 1
exception class : EFOpenError
exception message : Cannot open file "C:\Users\ADMIN\AppData\Local\Temp\SupremoRemoteDesktop\libcrypto-1_1.dll". Impossibile accedere al file. Il file è utilizzato da un altro processo.

main thread ($1684):


004dc42a +126 Supremo.exe System.Classes TFileStream.Create
004dc2e0 +020 Supremo.exe System.Classes TFileStream.Create
016f280a +026 Supremo.exe Nanosystems.OpenSSL LoadLibCryptoLibrary
016f2a29 +055 Supremo.exe Nanosystems.OpenSSL InitializeLibCrypto
01702aae +25e Supremo.exe App.Status BeforeInitialization
7696fcc7 +017 KERNEL32.DLL BaseThreadInitThunk

thread $3600:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $3d6c:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $2834:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $4a68:
75ffcac7 +47 USER32.dll MsgWaitForMultipleObjectsEx
75ffca6a +1a USER32.dll MsgWaitForMultipleObjects
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $42ec (TLoggerThread):


77b9a7cd +0fd KERNELBASE.dll WaitForMultipleObjectsEx
004ed4c0 +018 Supremo.exe System.Classes TThread.Create
769711d1 +021 KERNEL32.DLL CreateThread
0040b516 +05a Supremo.exe System BeginThread
004ed5d1 +08d Supremo.exe System.Classes TThread.Create
00409d49 +01d Supremo.exe System @AfterConstruction
0040f01c +204 Supremo.exe System DynArraySetLength
00467176 +056 Supremo.exe System.SyncObjs THandleObject.WaitFor
00a3ad5d +031 Supremo.exe LoggerPro {ThreadSafeQueueU}TThreadSafeQueue<LoggerPro.TLogItem>.Dequeue
00a3a03b +047 Supremo.exe LoggerPro TLoggerThread.Execute
00a3a1fe +20a Supremo.exe LoggerPro TLoggerThread.Execute
00a3a21d +229 Supremo.exe LoggerPro TLoggerThread.Execute
009f527f +02b Supremo.exe madExcept HookedTThreadExecute
009f52ea +096 Supremo.exe madExcept HookedTThreadExecute
004ed3f9 +049 Supremo.exe System.Classes ThreadProc
004ed45c +0ac Supremo.exe System.Classes ThreadProc
0040b4ac +028 Supremo.exe System ThreadWrapper
009f5165 +00d Supremo.exe madExcept CallThreadProcSafe
009f51ca +032 Supremo.exe madExcept ThreadExceptFrame
009f5240 +0a8 Supremo.exe madExcept ThreadExceptFrame
7696fcc7 +017 KERNEL32.DLL BaseThreadInitThunk
>> created by main thread ($1684) at:
004ed4c0 +018 Supremo.exe System.Classes TThread.Create

thread $28f4 (TAppenderThread):
77b9a7cd +0fd KERNELBASE.dll WaitForMultipleObjectsEx
00467176 +056 Supremo.exe System.SyncObjs THandleObject.WaitFor
00a3ad5d +031 Supremo.exe LoggerPro {ThreadSafeQueueU}TThreadSafeQueue<LoggerPro.TLogItem>.Dequeue
00a3ad22 +012 Supremo.exe LoggerPro {ThreadSafeQueueU}TThreadSafeQueue<LoggerPro.TLogItem>.Dequeue
00a3aabf +1ab Supremo.exe LoggerPro TAppenderThread.Execute
00a3abbf +2ab Supremo.exe LoggerPro TAppenderThread.Execute
009f527f +02b Supremo.exe madExcept HookedTThreadExecute
009f52ea +096 Supremo.exe madExcept HookedTThreadExecute
004ed3f9 +049 Supremo.exe System.Classes ThreadProc
004ed45c +0ac Supremo.exe System.Classes ThreadProc
0040b4ac +028 Supremo.exe System ThreadWrapper
009f5165 +00d Supremo.exe madExcept CallThreadProcSafe
009f51ca +032 Supremo.exe madExcept ThreadExceptFrame
009f5240 +0a8 Supremo.exe madExcept ThreadExceptFrame
7696fcc7 +017 KERNEL32.DLL BaseThreadInitThunk
>> created by thread $42ec (TLoggerThread) at:
004ed4c0 +018 Supremo.exe System.Classes TThread.Create

thread $1388:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

thread $3338:
7696fcc7 +17 KERNEL32.DLL BaseThreadInitThunk

modules:
00400000 Supremo.exe 4.11.0.2489 C:\Users\ADMIN\Downloads
67ce0000 mpr.dll 10.0.19041.3636 C:\Windows\SYSTEM32
69b60000 wininet.dll 11.0.19041.4717 C:\Windows\SYSTEM32
6bd10000 FaultRep.dll 10.0.19041.4355 C:\Windows\SYSTEM32
6df70000 wintypes.dll 10.0.19041.4717 C:\Windows\SYSTEM32
6e050000 CoreUIComponents.dll 10.0.19041.3636 C:\Windows\SYSTEM32
6e2d0000 textinputframework.dll 10.0.19041.4651 C:\Windows\SYSTEM32
6e3e0000 SHFolder.dll 10.0.19041.1 C:\Windows\SYSTEM32
6e560000 propsys.dll 7.0.19041.4355 C:\Windows\system32
6e800000 apphelp.dll 10.0.19041.4957 C:\Windows\SYSTEM32
6e8b0000 d3d9.dll 10.0.19041.4957 C:\Windows\SYSTEM32
6eb90000 winhttp.dll 10.0.19041.4717 C:\Windows\SYSTEM32
6ed20000 CoreMessaging.dll 10.0.19041.4474 C:\Windows\SYSTEM32
6edc0000 TextShaping.dll C:\Windows\SYSTEM32
6eed0000 dwmapi.dll 10.0.19041.4355 C:\Windows\SYSTEM32
6f660000 SspiCli.dll 10.0.19041.4239 C:\Windows\SYSTEM32
6f7e0000 gdiplus.dll 10.0.19041.4597 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.4597_none_d954b6f7e1016a2a
704d0000 Fwpuclnt.dll 10.0.19041.4123 C:\Windows\SYSTEM32
71f70000 dbgcore.DLL 10.0.19041.4355 C:\Windows\SYSTEM32
71fa0000 iphlpapi.dll 10.0.19041.3636 C:\Windows\SYSTEM32
72f20000 NETUTILS.DLL 10.0.19041.3636 C:\Windows\SYSTEM32
72f30000 WKSCLI.DLL 10.0.19041.3636 C:\Windows\SYSTEM32
72f80000 netapi32.dll 10.0.19041.3636 C:\Windows\SYSTEM32
744f0000 ntmarta.dll 10.0.19041.3636 C:\Windows\SYSTEM32
74520000 profapi.dll 10.0.19041.4355 C:\Windows\SYSTEM32
74540000 Wldp.dll 10.0.19041.4780 C:\Windows\SYSTEM32
74650000 windows.storage.dll 10.0.19041.4957 C:\Windows\SYSTEM32
75430000 kernel.appcore.dll 10.0.19041.3758 C:\Windows\SYSTEM32
75460000 wsock32.dll 10.0.19041.1 C:\Windows\SYSTEM32
75470000 version.dll 10.0.19041.3636 C:\Windows\SYSTEM32
75510000 winmm.dll 10.0.19041.3636 C:\Windows\SYSTEM32
75540000 uxtheme.dll 10.0.19041.5007 C:\Windows\system32
75640000 winsta.dll 10.0.19041.3636 C:\Windows\SYSTEM32
75690000 comctl32.dll 6.10.19041.4355 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c
758a0000 userenv.dll 10.0.19041.4355 C:\Windows\SYSTEM32
758d0000 WTSAPI32.DLL 10.0.19041.3636 C:\Windows\SYSTEM32
75900000 winspool.drv 10.0.19041.4597 C:\Windows\SYSTEM32
75980000 dbghelp.dll 10.0.19041.3996 C:\Windows\SYSTEM32
75b70000 msvcp_win.dll 10.0.19041.3636 C:\Windows\System32
75bf0000 gdi32full.dll 10.0.19041.5007 C:\Windows\System32
75ce0000 comdlg32.dll 10.0.19041.4355 C:\Windows\System32
75d90000 msvcrt.dll 7.0.19041.3636 C:\Windows\System32
75ee0000 bcrypt.dll 10.0.19041.3636 C:\Windows\System32
75f00000 RPCRT4.dll 10.0.19041.4957 C:\Windows\System32
75fc0000 USER32.dll 10.0.19041.5007 C:\Windows\System32
76160000 IMM32.DLL 10.0.19041.4474 C:\Windows\System32
76190000 bcryptPrimitives.dll 10.0.19041.5007 C:\Windows\System32
761f0000 CFGMGR32.dll 10.0.19041.3996 C:\Windows\System32
76230000 WS2_32.dll 10.0.19041.3636 C:\Windows\System32
762a0000 ole32.dll 10.0.19041.4355 C:\Windows\System32
76390000 advapi32.dll 10.0.19041.5011 C:\Windows\System32
76410000 ucrtbase.dll 10.0.19041.3636 C:\Windows\System32
76530000 combase.dll 10.0.19041.4894 C:\Windows\System32
768b0000 oleaut32.dll 10.0.19041.3636 C:\Windows\System32
76950000 KERNEL32.DLL 10.0.19041.4957 C:\Windows\System32
76e80000 Msctf.dll 10.0.19041.5007 C:\Windows\System32
76f60000 sechost.dll 10.0.19041.4597 C:\Windows\System32
76fe0000 SHLWAPI.dll 10.0.19041.4355 C:\Windows\System32
77090000 SHELL32.dll 10.0.19041.4957 C:\Windows\System32
77670000 win32u.dll 10.0.19041.5007 C:\Windows\System32
778f0000 shcore.dll 10.0.19041.4522 C:\Windows\System32
779f0000 clbcatq.dll 2001.12.10941.16384 C:\Windows\System32
77a70000 KERNELBASE.dll 10.0.19041.5007 C:\Windows\System32
77cb0000 GDI32.dll 10.0.19041.4474 C:\Windows\System32
77cf0000 ntdll.dll 10.0.19041.5007 C:\Windows\SYSTEM32

processes:
0000 Idle 0 0 0
0004 System 0 0 0
007c Registry 0 0 0
0208 smss.exe 0 0 0
0350 csrss.exe 0 0 0
0324 wininit.exe 0 0 0
036c csrss.exe 1 0 0
03e8 winlogon.exe 1 0 0
03fc services.exe 0 0 0
03a0 lsass.exe 0 0 0
0464 svchost.exe 0 0 0
0484 fontdrvhost.exe 0 0 0
0488 fontdrvhost.exe 1 0 0
04bc WUDFHost.exe 0 0 0
0510 svchost.exe 0 0 0
0548 svchost.exe 0 0 0
05ec svchost.exe 0 0 0
05f4 svchost.exe 0 0 0
0618 dwm.exe 1 0 0
0638 svchost.exe 0 0 0
0684 svchost.exe 0 0 0
06f8 svchost.exe 0 0 0
0720 svchost.exe 0 0 0
0794 svchost.exe 0 0 0
07b0 svchost.exe 0 0 0
07cc svchost.exe 0 0 0
06d8 svchost.exe 0 0 0
083c SynTPEnhService.exe 0 0 0
0888 svchost.exe 0 0 0
08c0 svchost.exe 0 0 0
0904 VeraCrypt.exe 0 0 0
090c svchost.exe 0 0 0
0988 svchost.exe 0 0 0
09dc svchost.exe 0 0 0
09d8 svchost.exe 0 0 0
09e8 svchost.exe 0 0 0
0aa0 svchost.exe 0 0 0
0ab4 Memory Compression 0 0 0
0af4 igfxCUIService.exe 0 0 0
0b3c svchost.exe 0 0 0
0b44 svchost.exe 0 0 0
0b88 TouchpointAnalyticsClientService.exe 0 0 0
0b90 SysInfoCap.exe 0 0 0
0b98 AppHelperCap.exe 0 0 0
0ba0 DiagsCap.exe 0 0 0
0ba8 NetworkCap.exe 0 0 0
08cc svchost.exe 0 0 0
0c3c svchost.exe 0 0 0
0e20 WmiPrvSE.exe 0 0 0
0e60 svchost.exe 0 0 0
0e80 svchost.exe 0 0 0
0eec svchost.exe 0 0 0
0ef4 svchost.exe 0 0 0
0f60 svchost.exe 0 0 0
0f9c svchost.exe 0 0 0
0fec spoolsv.exe 0 0 0
0a74 svchost.exe 0 0 0
06e0 svchost.exe 0 0 0
0e9c svchost.exe 0 0 0
10f4 svchost.exe 0 0 0
10fc svchost.exe 0 0 0
1104 svchost.exe 0 0 0
1118 svchost.exe 0 0 0
1120 svchost.exe 0 0 0
1130 svchost.exe 0 0 0
1138 svchost.exe 0 0 0
1148 svchost.exe 0 0 0
11c4 svchost.exe 0 0 0
11d8 svchost.exe 0 0 0
11e0 pia-service.exe 0 0 0
11e8 FMService64.exe 0 0 0
1200 XtuService.exe 0 0 0
1214 fuj02e3-utility.exe 0 0 0
1248 MpDefenderCoreService.exe 0 0 0
1258 MsMpEng.exe 0 0 0
1260 HotKeyServiceUWP.exe 0 0 0
1268 ijplmsvc.exe 0 0 0
1270 RtkAudUService64.exe 0 0 0
1298 armsvc.exe 0 0 0
12a0 qcmtusvc.exe 0 0 0
1314 MBAMService.exe 0 0 0
1330 svchost.exe 0 0 0
13b4 TeamViewer_Service.exe 0 0 0
11f0 svchost.exe 0 0 0
146c svchost.exe 0 0 0
1590 LanWlanWwanSwitchingServiceUWP.exe 0 0 0
1a6c svchost.exe 0 0 0
1ba4 SearchIndexer.exe 0 0 0
1840 dllhost.exe 0 0 0
039c AggregatorHost.exe 0 0 0
09cc svchost.exe 0 0 0
1e84 svchost.exe 0 0 0
1ef0 svchost.exe 0 0 0
1fb0 NisSrv.exe 0 0 0
1a24 svchost.exe 0 0 0
1c10 svchost.exe 0 0 0
1ffc svchost.exe 0 0 0
2244 svchost.exe 0 0 0
2038 Malwarebytes.exe 1 32 35 normal C:\Program Files\Malwarebytes\Anti-Malware
23f0 sihost.exe 1 41 18 normal C:\Windows\System32
202c svchost.exe 1 0 1 normal C:\Windows\System32
20a0 svchost.exe 1 4 4 normal C:\Windows\System32
2118 taskhostw.exe 1 10 6 normal C:\Windows\System32
211c PowerMgr.exe 1 23 7 below normal C:\Windows\SysWOW64\Lenovo\PowerMgr
0a04 svchost.exe 0 0 0
0cc8 svchost.exe 0 0 0
21f4 igfxEM.exe 1 10 14 normal C:\Windows\System32
14e4 igfxHK.exe 1 10 13 normal C:\Windows\System32
0df8 ctfmon.exe 1 0 0
1ad4 svchost.exe 0 0 0
20f8 explorer.exe 1 2194 883 normal C:\Windows
26b0 svchost.exe 0 0 0
26a8 updatechecker.exe 1 0 0
26b8 BraveCrashHandler.exe 0 0 0
2708 BraveCrashHandler64.exe 0 0 0
20c4 SynTPEnh.exe 1 60 32 above normal C:\Windows\System32
26cc svchost.exe 1 0 10 normal C:\Windows\System32
20f0 StartMenuExperienceHost.exe 1 1 15 normal C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy
06c4 SearchApp.exe 1 1 29 normal C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy
0f0c RuntimeBroker.exe 1 41 2 normal C:\Windows\System32
23c8 RuntimeBroker.exe 1 58 47 normal C:\Windows\System32
1220 svchost.exe 0 0 0
1384 SearchApp.exe 1 33 101 normal C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy
2ac4 RuntimeBroker.exe 1 4 5 normal C:\Windows\System32
1c90 TextInputHost.exe 1 0 23 normal C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy
2580 RtkAudUService64.exe 1 15 5 normal C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_aab086749a1a9302
25b0 RAVCpl64.exe 1 70 18 normal C:\Program Files\Realtek\Audio\HDA
25a8 SystemSettings.exe 1 18 39 normal C:\Windows\ImmersiveControlPanel
253c ApplicationFrameHost.exe 1 90 69 normal C:\Windows\System32
1a34 VeraCrypt.exe 1 48 50 normal C:\Program Files\VeraCrypt
16e0 UserOOBEBroker.exe 1 0 1 normal C:\Windows\System32\oobe
2bac HPDisplayCenter.exe 1 10 19 normal C:\Program Files (x86)\HP\HP Display Center
24a0 pia-client.exe 1 217 113 normal C:\Program Files\Private Internet Access
2bb8 svchost.exe 0 0 0
2e54 ShellExperienceHost.exe 1 20 76 normal C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
2ebc RuntimeBroker.exe 1 40 6 normal C:\Windows\System32
2b38 CalculatorApp.exe 1 0 13 normal C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe
2e3c RuntimeBroker.exe 1 0 4 normal C:\Windows\System32
0750 WhatsApp.exe 1 0 8 normal C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2440.9.0_x64__cv1g1gvanyjgm
2a08 RuntimeBroker.exe 1 0 1 normal C:\Windows\System32
1514 jhi_service.exe 0 0 0
2cd4 LMS.exe 0 0 0
2ee4 SgrmBroker.exe 0 0 0
0f70 svchost.exe 0 0 0
0e54 svchost.exe 0 0 0
2c70 svchost.exe 1 0 1 normal C:\Windows\System32
1bb4 dllhost.exe 1 0 3 normal C:\Windows\System32
27b0 igfxext.exe 1 0 2 normal C:\Windows\System32
0e50 SecurityHealthService.exe 0 0 0
201c PrivacyIconClient.exe 1 87 62 normal C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS
1658 cmd.exe 1 0 0 below normal C:\Windows\System32
03c4 conhost.exe 1 10 3 below normal C:\Windows\System32
0830 LSB.exe 1 0 5 below normal C:\Users\ADMIN\AppData\Local\Programs\Lenovo\Lenovo Service Bridge
262c svchost.exe 0 0 0
23c0 chrome.exe 1 97 115 normal C:\Program Files\Google\Chrome\Application
1988 chrome.exe 1 2 4 normal C:\Program Files\Google\Chrome\Application
12e8 chrome.exe 1 12 15 above normal C:\Program Files\Google\Chrome\Application
180c chrome.exe 1 0 3 normal C:\Program Files\Google\Chrome\Application
2008 chrome.exe 1 0 0 normal C:\Program Files\Google\Chrome\Application
2c60 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
29c0 chrome.exe 1 0 0 normal C:\Program Files\Google\Chrome\Application
0dd0 brave.exe 1 86 85 normal C:\Program Files\BraveSoftware\Brave-Browser\Application
2794 brave.exe 1 2 3 normal C:\Program Files\BraveSoftware\Brave-Browser\Application
076c brave.exe 1 10 16 above normal C:\Program Files\BraveSoftware\Brave-Browser\Application
14bc brave.exe 1 0 3 normal C:\Program Files\BraveSoftware\Brave-Browser\Application
2204 brave.exe 1 0 0 normal C:\Program Files\BraveSoftware\Brave-Browser\Application
1508 brave.exe 1 0 0 normal C:\Program Files\BraveSoftware\Brave-Browser\Application
2b30 brave.exe 1 0 0 normal C:\Program Files\BraveSoftware\Brave-Browser\Application
0778 brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
1a9c brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
0658 CompPkgSrv.exe 1 0 1 normal C:\Windows\System32
2c80 brave.exe 1 0 1 normal C:\Program Files\BraveSoftware\Brave-Browser\Application
2ed0 svchost.exe 0 0 0
2d44 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
0f94 chrome.exe 1 0 1 normal C:\Program Files\Google\Chrome\Application
0650 chrome.exe 1 0 1 normal C:\Program Files\Google\Chrome\Application
2428 BridgeCommunication.exe 1 2 4 normal C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_bcbefa2816e7502d\x64
0670 acrotray.exe 1 45 13 normal C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat
3440 microsip.exe 1 426 212 normal C:\Users\ADMIN\Downloads\MicroSIP-3.21.2
3238 PC-NVR.exe 1 0 0
1e58 Challenge.exe 1 0 0
1854 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
3a94 LockApp.exe 1 6 20 normal C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy
2374 RuntimeBroker.exe 1 0 4 normal C:\Windows\System32
0cc0 svchost.exe 0 0 0
33b8 OfficeClickToRun.exe 0 0 0
36a0 AppVShNotify.exe 1 0 1 normal C:\Program Files\Common Files\microsoft shared\ClickToRun
39b8 SDXHelper.exe 1 0 14 idle C:\Program Files\Microsoft Office\root\Office16
4704 Telegram.exe 1 288 146 normal C:\Users\ADMIN\Desktop\tportable-x64.3.7.3\Telegram
43c4 CalculatorApp.exe 1 6 21 normal C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe
1c6c CalculatorApp.exe 1 6 20 normal C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe
2488 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
41ec Skype.exe 1 94 70 normal C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
0fd4 Skype.exe 1 0 4 normal C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
1b78 Skype.exe 1 0 1 normal C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
1d2c Skype.exe 1 0 19 normal C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
3594 dllhost.exe 1 1 6 normal C:\Windows\System32
42b8 Skype.exe 1 4 2 above normal C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
4364 RuntimeBroker.exe 1 0 1 normal C:\Windows\System32
35d8 Skype.exe 1 0 1 normal C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.130.3205.0_x64__kzf8qxf38zg5c\Skype
3958 AnyDesk.exe 1 836 269 normal C:\Users\ADMIN\Music
3868 AnyDesk.exe 1 0 9 high C:\Users\ADMIN\Music
3870 AnyDesk.exe 1 171 17 normal C:\Users\ADMIN\Music
49d8 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
491c chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
3b1c HPAudioAnalytics.exe 0 0 0
3dcc svchost.exe 0 0 0
4d3c taskhostw.exe 1 0 2 normal C:\Windows\System32
415c svchost.exe 0 0 0
3a2c svchost.exe 0 0 0
4df8 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
4654 brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
3350 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
52b8 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
4948 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
3a68 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
4e30 svchost.exe 1 0 1 normal C:\Windows\System32
50fc taskhostw.exe 1 0 0
1b80 svchost.exe 0 0 0
1920 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
4234 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
3b8c chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
2eec chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
13b0 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
49e4 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
4bbc pia-wgservice.exe 0 0 0
2058 MoUsoCoreWorker.exe 0 0 0
5160 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
4e54 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
4fd0 msedge.exe 1 3 44 normal C:\Program Files (x86)\Microsoft\Edge\Application
3444 msedge.exe 1 0 3 normal C:\Program Files (x86)\Microsoft\Edge\Application
3cf4 msedge.exe 1 1 6 above normal C:\Program Files (x86)\Microsoft\Edge\Application
4cc4 msedge.exe 1 0 5 normal C:\Program Files (x86)\Microsoft\Edge\Application
2fd8 msedge.exe 1 0 0 normal C:\Program Files (x86)\Microsoft\Edge\Application
4064 msedge.exe 1 0 0 idle C:\Program Files (x86)\Microsoft\Edge\Application
4c2c msedge.exe 1 0 0 idle C:\Program Files (x86)\Microsoft\Edge\Application
3160 SnippingTool.exe 1 77 56 normal C:\Windows\System32
11a0 CalculatorApp.exe 1 6 20 normal C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2405.2.0_x64__8wekyb3d8bbwe
2d4c chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
46c8 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
5280 brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
41f8 brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
481c chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
10e8 brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
51e4 brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
1648 brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
36ec brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
4d14 WUDFHost.exe 0 0 0
3860 svchost.exe 0 0 0
49ac rundll32.exe 1 0 2 normal C:\Windows\System32
4474 SearchProtocolHost.exe 0 0 0
4aa0 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
34f0 brave.exe 1 0 0 idle C:\Program Files\BraveSoftware\Brave-Browser\Application
2100 chrome.exe 1 0 0 idle C:\Program Files\Google\Chrome\Application
1018 audiodg.exe 0 0 0
0e40 SmartPSS.exe 1 0 0
29dc DSMessageNotify.exe 1 0 0
4d4c svchost.exe 0 0 0
539c AnyDesk.exe 1 247 62 normal C:\Users\ADMIN\Music
4dcc SearchFilterHost.exe 0 0 0
121c svchost.exe 0 0 0
3f80 Supremo.exe 1 60 56 normal C:\Users\ADMIN\Downloads
53dc Supremo.exe 1 34 35 normal C:\Users\ADMIN\Downloads
18e0 Supremo.exe 1 60 56 normal C:\Users\ADMIN\Downloads
1890 Supremo.exe 1 50 47 normal C:\Users\ADMIN\Downloads
4488 Supremo.exe 1 55 45 normal C:\Users\ADMIN\Downloads
3c2c dllhost.exe 1 0 6 normal C:\Windows\SysWOW64

hardware:
+ {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
- Coda di stampa radice
- Fax
- Microsoft Print to PDF
- Microsoft XPS Document Writer
- OneNote for Windows 10
+ {36fc9e60-c465-11cf-8056-444553540000}
- Controller host Intel(R) USB 3.0 eXtensible - 1.0 (Microsoft)
- Dispositivo USB composito
- Dispositivo USB composito
- Dispositivo USB composito
- Generic USB Hub
- Generic USB Hub
- Hub radice USB
- Hub radice USB
- Hub radice USB (USB 3.0)
- Intel(R) serie 8/serie C220 USB EHCI n.1 - 8C26
- Intel(R) serie 8/serie C220 USB EHCI n.2 - 8C2D
+ {4d36e966-e325-11ce-bfc1-08002be10318}
- PC ACPI basato su x64
+ {4d36e967-e325-11ce-bfc1-08002be10318}
- SAMSUNG MZ7LN256HCHP-000L7
+ {4d36e968-e325-11ce-bfc1-08002be10318}
- Intel(R) HD Graphics 4600 (driver 20.19.15.4549)
+ {4d36e96a-e325-11ce-bfc1-08002be10318}
- Intel(R) 8 Series/C220 Chipset Family SATA AHCI Controller (driver 14.8.16.1063)
+ {4d36e96b-e325-11ce-bfc1-08002be10318}
- Tastiera HID
- Tastiera HID
- Tastiera HID
- Tastiera HID
- Tastiera HID
+ {4d36e96c-e325-11ce-bfc1-08002be10318}
- Audio Intel(R) per schermi (driver 6.16.0.3208)
- Plantronics Blackwire 3225 Series
- Realtek High Definition Audio (driver 6.0.8924.1)
- Voicemod Virtual Audio Device (WDM) (driver 2022.6.1.0)
+ {4d36e96e-e325-11ce-bfc1-08002be10318}
- Monitor generico non Plug and Play
- Monitor generico Plug and Play
+ {4d36e96f-e325-11ce-bfc1-08002be10318}
- Mouse compatibile HID
+ {4d36e972-e325-11ce-bfc1-08002be10318}
- Intel(R) Ethernet Connection I217-LM #2 (driver 12.19.2.61)
- Microsoft Kernel Debug Network Adapter
- Private Internet Access Network Adapter (driver 9.24.2.601)
- WAN Miniport (IKEv2)
- WAN Miniport (IP)
- WAN Miniport (IPv6)
- WAN Miniport (L2TP)
- WAN Miniport (Network Monitor)
- WAN Miniport (PPPOE)
- WAN Miniport (PPTP)
- WAN Miniport (SSTP)
- WireGuard Tunnel (driver 0.10.0.0)
- WireGuard Tunnel (driver 0.8.0.0)
+ {4d36e978-e325-11ce-bfc1-08002be10318}
- Porta di comunicazione (COM1)
+ {4d36e97b-e325-11ce-bfc1-08002be10318}
- Controller spazi di archiviazione Microsoft
+ {4d36e97d-e325-11ce-bfc1-08002be10318}
- Archiviazione volumi
- Bus Redirector dispositivi Desktop remoto
- Complesso radice PCI Express
- Controller di accesso diretto alla memoria (DMA)
- Controller per High Definition Audio
- Controller per High Definition Audio
- Coprocessore matematico
- Dispositivo legacy
- Driver arbitraggio ricarica
- Driver BIOS Microsoft System Management
- Driver infrastruttura di virtualizzazione Hyper-V Microsoft
- Driver rendering base Microsoft
- Driver video base Microsoft
- Enumeratore bus composito
- Enumeratore bus radice UMBus
- Enumeratore di dispositivi software Plug and Play
- Enumeratore scheda di rete virtuale NDIS
- Enumeratore unità virtuale Microsoft
- Fujitsu FUJ02E3 Device Driver (driver 4.5.1.0)
- Intel(R) 8 Series/C220 Series Thermal - 8C24 (driver 10.1.2.80)
- Intel(R) Management Engine Interface (driver 11.7.0.1057)
- Intel(R) Q87 LPC Controller - 8C4E (driver 10.1.2.80)
- Intel(R) Xeon(R) processor E3 - 1200 v3/4th Gen Core processor DRAM Controller - 0C00 (driver 10.1.2.80)
- Orologio di sistema CMOS a tempo reale
- Programmable Interrupt Controller
- Pulsante alimentazione ACPI
- Pulsante caratteristica ACPI fissa
- Risorse scheda madre
- Risorse scheda madre
- Risorse scheda madre
- Risorse scheda madre
- Risorse scheda madre
- Sistema compatibile ACPI Microsoft
- Synaptics SMBus Driver (driver 19.0.17.142)
- Timer di sistema
- Timer eventi alta precisione
- Zona termica ACPI
- Zona termica ACPI
+ {50127dc3-0f36-415e-a6cc-4cb3be910b65}
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
- Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
+ {533c5b84-ec70-11d2-9505-00c04f79deaf}
- Copia shadow volume generico
- Copia shadow volume generico
+ {53d29ef7-377c-4d14-864b-eb3a85769359}
- Windows Hello Face Software Device (driver 10.0.19041.3636)
+ {5c4c3332-344d-483c-8739-259e934c9cc8}
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
- Intel(R) XTU Component Device (driver 6.5.1.371)
+ {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
- Microsoft Passport Container Enumeration Bus
- Microsoft Radio Device Enumeration Bus
- Microsoft RRAS Root Enumerator
- Sintetizzatore Wavetable Microsoft GS
- Smart Card Device Enumeration Bus
+ {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
- Controller di sistema compatibile HID
- Controller di sistema compatibile HID
- Dispositivo compatibile HID definito da fornitore
- Dispositivo compatibile HID definito da fornitore
- Dispositivo compatibile HID definito da fornitore
- Dispositivo compatibile HID definito da fornitore
- Dispositivo compatibile HID definito da fornitore
- Dispositivo controllo consumi compatibile HID
- Dispositivo controllo consumi compatibile HID
- Dispositivo controllo consumi compatibile HID
- Dispositivo di input USB
- Dispositivo di input USB
- Dispositivo di input USB
- Dispositivo di input USB
- Dispositivo di input USB
- HID-compliant headset
+ {c166523c-fe0c-4a94-a586-f1a80cfbbf3e}
- Altoparlanti (2- Realtek High Definition Audio)
- Auricolare e microtelefono (Plantronics Blackwire 3225 Series)
- Cuffia auricolare con microfono (Plantronics Blackwire 3225 Series)
- SyncMaster (Audio Intel(R) per schermi)
+ {d94ee5d8-d189-4994-83d2-f68d7d41b0e6}
- Trusted Platform Module 1.2

cpu registers:
eax = 076246b0
ebx = 07662720
ecx = 00000000
edx = 03c41ef0
esi = 0597c37c
edi = 00000020
eip = 004dc42f
esp = 0019fdd4
ebp = 0019fe40

stack dump:

disassembling:
[...]
004dc416 push 1
004dc418 mov ecx, [$1af4dbc]
004dc41e mov dl, 1
004dc420 mov eax, [$4a40dc]
004dc425 call -$a4262 ($4381c8) ; System.SysUtils.Exception.CreateResFmt
004dc42a > call -$d17c7 ($40ac68) ; System.@RaiseExcept
004dc42f lea eax, [ebx+8]
004dc432 mov edx, esi
004dc434 call -$d0a4d ($40b9ec) ; System.@UStrAsg
004dc439 xor eax, eax
004dc43b pop edx
[...]
