[BUG]: Norton 360's Data Protector blocked a suspicious action #855

Fydon · 2024-05-28T21:10:25Z

Describe the bug
Since updating from v0.1.25 to v0.1.26, I've had Norton 360's Data Protector notify me 8 times that it blocked a suspicious action by komorebic.exe. The target file path always starts with C:\ProgramData\Microsoft\Windows\WER\:

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_14a0ecde-8625-4b48-8f07-8067ec910150\Report.wer"
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_a01689e91534f33411526667386967bb39c26933_00000000_cab_7e37d60c-243a-4463-a1d4-d40ae5fbfc4a\WER.d5a156e6-ede2-43cc-be95-f46f766f871c.tmp.WERInternalMetadata.xml"
C:\ProgramData\Microsoft\Windows\WER\Temp
C:\ProgramData\Microsoft\Windows\WER\Temp\14a0ecde-8625-4b48-8f07-8067ec910150
C:\ProgramData\Microsoft\Windows\WER\Temp\2018d40a-4a63-4b83-93c7-debeef8e2e4d
C:\ProgramData\Microsoft\Windows\WER\Temp\785b3b3e-0e94-48a9-9d2e-dde0a3e74907
C:\ProgramData\Microsoft\Windows\WER\Temp\7e37d60c-243a-4463-a1d4-d40ae5fbfc4a
C:\ProgramData\Microsoft\Windows\WER\Temp\d67637ee-65d0-4e85-ac8d-3315f15e49e9

I've tried to look for more details, but haven't managed to find any yet.

To Reproduce
Not sure

Expected behavior

Screenshots and Videos

Operating System

OS Name:                   Microsoft Windows 11 Pro
OS Version:                10.0.22631 N/A Build 22631

komorebic check Output

No KOMOREBI_CONFIG_HOME detected, defaulting to C:\Users\username

Looking for configuration files in C:\Users\username

Found komorebi.json; this file can be passed to the start command with the --config flag

Found C:\Users\username\.config\whkdrc; key bindings will be loaded from here when whkd is started, and you can start it automatically using the --whkd flag

Additional context
I'm not running AHK scripts or any other software to handle any aspect of window management or manipulation

The text was updated successfully, but these errors were encountered:

LGUG2Z · 2024-05-28T22:24:45Z

https://learn.microsoft.com/en-us/windows/win32/wer/windows-error-reporting

I guess this is something at the OS level or maybe a result of installing with WinGet, because komorebi and komorebic have not explicitly opted in to Windows Error Reporting 🤔

Fydon · 2024-05-28T23:15:07Z

Now that I come to think of it, I'd installed 0.1.24 and 0.1.25 with the MSI, but 0.1.26 was probably the first I installed with winget. Therefore maybe it is something to do with that.

Fydon · 2024-05-28T23:39:21Z

Checking Event Viewer, I see the following for yesterday. It seems to be about a GDI object leak.

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:15:15
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      computername
Description:
Fault bucket 2049456391375201219, type 5
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 0

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 77f9da165b6a8
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.81395116-b7c3-4893-bcf1-a21c812fe450.tmp.WERInternalMetadata.xml

These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_14a0ecde-8625-4b48-8f07-8067ec910150

Analysis symbol: 
Rechecking for solution: 0
Report Id: 14a0ecde-8625-4b48-8f07-8067ec910150
Report Status: 2147487744
Hashed bucket: 64a920e5f63005631c7121babe92a3c3
Cab Guid: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:15:15.6968213Z" />
    <EventRecordID>133101</EventRecordID>
    <Correlation />
    <Execution ProcessID="29072" ThreadID="60196" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Bucket">2049456391375201219</Data>
    <Data Name="BucketType">5</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">0</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">77f9da165b6a8</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.81395116-b7c3-4893-bcf1-a21c812fe450.tmp.WERInternalMetadata.xml</Data>
    <Data Name="StorePath">\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_14a0ecde-8625-4b48-8f07-8067ec910150</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">14a0ecde-8625-4b48-8f07-8067ec910150</Data>
    <Data Name="ReportStatus">2147487744</Data>
    <Data Name="HashedBucket">64a920e5f63005631c7121babe92a3c3</Data>
    <Data Name="CabGuid">0</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:15:14
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          computername\username
Computer:      computername
Description:
Fault bucket , type 0
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 0

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 77f9da165b6a8
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:

These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_14a0ecde-8625-4b48-8f07-8067ec910150

Analysis symbol: 
Rechecking for solution: 0
Report Id: 14a0ecde-8625-4b48-8f07-8067ec910150
Report Status: 4100
Hashed bucket: 
Cab Guid: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:15:14.1836666Z" />
    <EventRecordID>133100</EventRecordID>
    <Correlation />
    <Execution ProcessID="25476" ThreadID="62144" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-21-454296873-2031634406-4127363651-1001" />
  </System>
  <EventData>
    <Data Name="Bucket">
    </Data>
    <Data Name="BucketType">0</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">0</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">77f9da165b6a8</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
    </Data>
    <Data Name="StorePath">\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_14a0ecde-8625-4b48-8f07-8067ec910150</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">14a0ecde-8625-4b48-8f07-8067ec910150</Data>
    <Data Name="ReportStatus">4100</Data>
    <Data Name="HashedBucket">
    </Data>
    <Data Name="CabGuid">0</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:15:13
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          computername\username
Computer:      computername
Description:
Fault bucket , type 0
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 0

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 77f9da165b6a8
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:

These files may be available here:
NULL

Analysis symbol: 
Rechecking for solution: 0
Report Id: 14a0ecde-8625-4b48-8f07-8067ec910150
Report Status: 1074003968
Hashed bucket: 
Cab Guid: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:15:13.6848190Z" />
    <EventRecordID>133099</EventRecordID>
    <Correlation />
    <Execution ProcessID="26904" ThreadID="57776" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-21-454296873-2031634406-4127363651-1001" />
  </System>
  <EventData>
    <Data Name="Bucket">
    </Data>
    <Data Name="BucketType">0</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">0</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">77f9da165b6a8</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
    </Data>
    <Data Name="StorePath">NULL</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">14a0ecde-8625-4b48-8f07-8067ec910150</Data>
    <Data Name="ReportStatus">1074003968</Data>
    <Data Name="HashedBucket">
    </Data>
    <Data Name="CabGuid">0</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:14:20
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      computername
Description:
Fault bucket 2049456391375201219, type 5
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 1957317524903217183

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 77f9da165b6a8
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.efdde4b1-a3f4-416d-8140-9e0e120ebbe9.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\WPR_initiated_DiagTrackMiniLogger_OneTrace_User_Logger_20240526_1_EC_0_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.270b42ab-5874-41ea-aa3a-0773159d1199.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\WPR_initiated_DiagTrackMiniLogger_WPR System Collector_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.b1ac4c08-89bd-4d99-b40d-c8181b2b7200.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.34176f61-e538-43d7-8550-d8a204064a6a.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.50b02eb0-b412-4753-897f-8f76deff39b1.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.07109842-7297-40a2-9913-33ce2d97cf53.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.2e4d774f-5ee5-414f-b0d5-260a96c6a997.tmp.mdmp
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\memory.hdmp
\\?\C:\Users\username\AppData\Local\Temp\WER.6fff7ec9-2064-4b29-8e0d-572115ea2e94.tmp.WERDataCollectionStatus.txt

These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907

Analysis symbol: 
Rechecking for solution: 0
Report Id: 785b3b3e-0e94-48a9-9d2e-dde0a3e74907
Report Status: 268435464
Hashed bucket: 64a920e5f63005631c7121babe92a3c3
Cab Guid: 12d98c78-6ee8-41bc-9b29-c9eb2880c81f
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:14:20.1976562Z" />
    <EventRecordID>133098</EventRecordID>
    <Correlation />
    <Execution ProcessID="59164" ThreadID="65576" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Bucket">2049456391375201219</Data>
    <Data Name="BucketType">5</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">1957317524903217183</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">77f9da165b6a8</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.efdde4b1-a3f4-416d-8140-9e0e120ebbe9.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\WPR_initiated_DiagTrackMiniLogger_OneTrace_User_Logger_20240526_1_EC_0_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.270b42ab-5874-41ea-aa3a-0773159d1199.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\WPR_initiated_DiagTrackMiniLogger_WPR System Collector_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.b1ac4c08-89bd-4d99-b40d-c8181b2b7200.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.34176f61-e538-43d7-8550-d8a204064a6a.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.50b02eb0-b412-4753-897f-8f76deff39b1.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.07109842-7297-40a2-9913-33ce2d97cf53.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.2e4d774f-5ee5-414f-b0d5-260a96c6a997.tmp.mdmp
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\memory.hdmp
\\?\C:\Users\username\AppData\Local\Temp\WER.6fff7ec9-2064-4b29-8e0d-572115ea2e94.tmp.WERDataCollectionStatus.txt</Data>
    <Data Name="StorePath">\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">785b3b3e-0e94-48a9-9d2e-dde0a3e74907</Data>
    <Data Name="ReportStatus">268435464</Data>
    <Data Name="HashedBucket">64a920e5f63005631c7121babe92a3c3</Data>
    <Data Name="CabGuid">12d98c78-6ee8-41bc-9b29-c9eb2880c81f</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:14:14
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      computername
Description:
Fault bucket 1297667213870337682, type 5
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 1163720823893548544

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 67fa84d4a60b2
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.281d310e-65d4-4bef-9f80-741c9df5d629.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\WPR_initiated_DiagTrackMiniLogger_OneTrace_User_Logger_20240526_1_EC_0_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.fd8b29fe-de19-4074-828e-8e9b6130e725.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\WPR_initiated_DiagTrackMiniLogger_WPR System Collector_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.b4b25f6d-1015-4724-8b25-651f2b7296d2.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.aecabcaa-fe2f-4983-9021-9f7c1b984a6a.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.491225d3-e107-4b2d-8f42-f4ab18e27e71.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.0ccde24a-3a6f-495e-9757-b13a06451d8a.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.7fa3cd11-0c9e-470c-b542-842935937ff7.tmp.mdmp
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\memory.hdmp
\\?\C:\Users\username\AppData\Local\Temp\WER.da7a2e39-b223-47d4-ba07-dfaf50af3770.tmp.WERDataCollectionStatus.txt

These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9

Analysis symbol: 
Rechecking for solution: 0
Report Id: d67637ee-65d0-4e85-ac8d-3315f15e49e9
Report Status: 268435464
Hashed bucket: 6e70be92df4fe62032023d74a7698e92
Cab Guid: 4a39dbb0-86c3-40e8-9026-5dec75e65e00
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:14:14.5735746Z" />
    <EventRecordID>133097</EventRecordID>
    <Correlation />
    <Execution ProcessID="59164" ThreadID="65576" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Bucket">1297667213870337682</Data>
    <Data Name="BucketType">5</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">1163720823893548544</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">67fa84d4a60b2</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.281d310e-65d4-4bef-9f80-741c9df5d629.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\WPR_initiated_DiagTrackMiniLogger_OneTrace_User_Logger_20240526_1_EC_0_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.fd8b29fe-de19-4074-828e-8e9b6130e725.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\WPR_initiated_DiagTrackMiniLogger_WPR System Collector_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.b4b25f6d-1015-4724-8b25-651f2b7296d2.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.aecabcaa-fe2f-4983-9021-9f7c1b984a6a.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.491225d3-e107-4b2d-8f42-f4ab18e27e71.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.0ccde24a-3a6f-495e-9757-b13a06451d8a.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.7fa3cd11-0c9e-470c-b542-842935937ff7.tmp.mdmp
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\memory.hdmp
\\?\C:\Users\username\AppData\Local\Temp\WER.da7a2e39-b223-47d4-ba07-dfaf50af3770.tmp.WERDataCollectionStatus.txt</Data>
    <Data Name="StorePath">\\?\C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">d67637ee-65d0-4e85-ac8d-3315f15e49e9</Data>
    <Data Name="ReportStatus">268435464</Data>
    <Data Name="HashedBucket">6e70be92df4fe62032023d74a7698e92</Data>
    <Data Name="CabGuid">4a39dbb0-86c3-40e8-9026-5dec75e65e00</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:14:07
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          computername\username
Computer:      computername
Description:
Fault bucket , type 0
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 0

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 77f9da165b6a8
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.efdde4b1-a3f4-416d-8140-9e0e120ebbe9.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\WPR_initiated_DiagTrackMiniLogger_OneTrace_User_Logger_20240526_1_EC_0_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.270b42ab-5874-41ea-aa3a-0773159d1199.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\WPR_initiated_DiagTrackMiniLogger_WPR System Collector_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.b1ac4c08-89bd-4d99-b40d-c8181b2b7200.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.34176f61-e538-43d7-8550-d8a204064a6a.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.50b02eb0-b412-4753-897f-8f76deff39b1.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.07109842-7297-40a2-9913-33ce2d97cf53.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.2e4d774f-5ee5-414f-b0d5-260a96c6a997.tmp.mdmp
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\memory.hdmp
\\?\C:\Users\username\AppData\Local\Temp\WER.6fff7ec9-2064-4b29-8e0d-572115ea2e94.tmp.WERDataCollectionStatus.txt

These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907

Analysis symbol: 
Rechecking for solution: 0
Report Id: 785b3b3e-0e94-48a9-9d2e-dde0a3e74907
Report Status: 4
Hashed bucket: 
Cab Guid: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:14:07.2372677Z" />
    <EventRecordID>133096</EventRecordID>
    <Correlation />
    <Execution ProcessID="68012" ThreadID="61564" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-21-454296873-2031634406-4127363651-1001" />
  </System>
  <EventData>
    <Data Name="Bucket">
    </Data>
    <Data Name="BucketType">0</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">0</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">77f9da165b6a8</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.efdde4b1-a3f4-416d-8140-9e0e120ebbe9.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\WPR_initiated_DiagTrackMiniLogger_OneTrace_User_Logger_20240526_1_EC_0_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.270b42ab-5874-41ea-aa3a-0773159d1199.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\WPR_initiated_DiagTrackMiniLogger_WPR System Collector_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.b1ac4c08-89bd-4d99-b40d-c8181b2b7200.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.34176f61-e538-43d7-8550-d8a204064a6a.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.50b02eb0-b412-4753-897f-8f76deff39b1.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.07109842-7297-40a2-9913-33ce2d97cf53.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.2e4d774f-5ee5-414f-b0d5-260a96c6a997.tmp.mdmp
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907\memory.hdmp
\\?\C:\Users\username\AppData\Local\Temp\WER.6fff7ec9-2064-4b29-8e0d-572115ea2e94.tmp.WERDataCollectionStatus.txt</Data>
    <Data Name="StorePath">\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_628cd55635906b21e1f318735447494e533751ba_00000000_cab_785b3b3e-0e94-48a9-9d2e-dde0a3e74907</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">785b3b3e-0e94-48a9-9d2e-dde0a3e74907</Data>
    <Data Name="ReportStatus">4</Data>
    <Data Name="HashedBucket">
    </Data>
    <Data Name="CabGuid">0</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:14:06
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          computername\username
Computer:      computername
Description:
Fault bucket , type 0
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 0

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 67fa84d4a60b2
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.281d310e-65d4-4bef-9f80-741c9df5d629.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\WPR_initiated_DiagTrackMiniLogger_OneTrace_User_Logger_20240526_1_EC_0_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.fd8b29fe-de19-4074-828e-8e9b6130e725.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\WPR_initiated_DiagTrackMiniLogger_WPR System Collector_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.b4b25f6d-1015-4724-8b25-651f2b7296d2.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.aecabcaa-fe2f-4983-9021-9f7c1b984a6a.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.491225d3-e107-4b2d-8f42-f4ab18e27e71.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.0ccde24a-3a6f-495e-9757-b13a06451d8a.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.7fa3cd11-0c9e-470c-b542-842935937ff7.tmp.mdmp
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\memory.hdmp
\\?\C:\Users\username\AppData\Local\Temp\WER.da7a2e39-b223-47d4-ba07-dfaf50af3770.tmp.WERDataCollectionStatus.txt

These files may be available here:
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9

Analysis symbol: 
Rechecking for solution: 0
Report Id: d67637ee-65d0-4e85-ac8d-3315f15e49e9
Report Status: 4
Hashed bucket: 
Cab Guid: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:14:06.9348880Z" />
    <EventRecordID>133095</EventRecordID>
    <Correlation />
    <Execution ProcessID="57672" ThreadID="5628" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-21-454296873-2031634406-4127363651-1001" />
  </System>
  <EventData>
    <Data Name="Bucket">
    </Data>
    <Data Name="BucketType">0</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">0</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">67fa84d4a60b2</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.281d310e-65d4-4bef-9f80-741c9df5d629.tmp.WERInternalMetadata.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\WPR_initiated_DiagTrackMiniLogger_OneTrace_User_Logger_20240526_1_EC_0_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.fd8b29fe-de19-4074-828e-8e9b6130e725.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\WPR_initiated_DiagTrackMiniLogger_WPR System Collector_inject.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.b4b25f6d-1015-4724-8b25-651f2b7296d2.tmp.etl
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.aecabcaa-fe2f-4983-9021-9f7c1b984a6a.tmp.csv
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.491225d3-e107-4b2d-8f42-f4ab18e27e71.tmp.txt
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.0ccde24a-3a6f-495e-9757-b13a06451d8a.tmp.xml
\\?\C:\ProgramData\Microsoft\Windows\WER\Temp\WER.7fa3cd11-0c9e-470c-b542-842935937ff7.tmp.mdmp
\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9\memory.hdmp
\\?\C:\Users\username\AppData\Local\Temp\WER.da7a2e39-b223-47d4-ba07-dfaf50af3770.tmp.WERDataCollectionStatus.txt</Data>
    <Data Name="StorePath">\\?\C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_komorebi.exe_17c114d1d62aa27a600e3691084c706e9f1be6_00000000_cab_d67637ee-65d0-4e85-ac8d-3315f15e49e9</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">d67637ee-65d0-4e85-ac8d-3315f15e49e9</Data>
    <Data Name="ReportStatus">4</Data>
    <Data Name="HashedBucket">
    </Data>
    <Data Name="CabGuid">0</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:14:04
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          computername\username
Computer:      computername
Description:
Fault bucket , type 0
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 0

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 77f9da165b6a8
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:

These files may be available here:
NULL

Analysis symbol: 
Rechecking for solution: 0
Report Id: 785b3b3e-0e94-48a9-9d2e-dde0a3e74907
Report Status: 1074003968
Hashed bucket: 
Cab Guid: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:14:04.4637873Z" />
    <EventRecordID>133094</EventRecordID>
    <Correlation />
    <Execution ProcessID="26904" ThreadID="68316" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-21-454296873-2031634406-4127363651-1001" />
  </System>
  <EventData>
    <Data Name="Bucket">
    </Data>
    <Data Name="BucketType">0</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">0</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">77f9da165b6a8</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
    </Data>
    <Data Name="StorePath">NULL</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">785b3b3e-0e94-48a9-9d2e-dde0a3e74907</Data>
    <Data Name="ReportStatus">1074003968</Data>
    <Data Name="HashedBucket">
    </Data>
    <Data Name="CabGuid">0</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          28/05/2024 14:14:04
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      
User:          computername\username
Computer:      computername
Description:
Fault bucket , type 0
Event Name: GDIObjectLeak
Response: Not available
Cab Id: 0

Problem signature:
P1: komorebi.exe
P2: 0.0.0.0
P3: 0.0
P4: 10
P5: 67fa84d4a60b2
P6: 
P7: 
P8: 
P9: 
P10: 

Attached files:

These files may be available here:
NULL

Analysis symbol: 
Rechecking for solution: 0
Report Id: d67637ee-65d0-4e85-ac8d-3315f15e49e9
Report Status: 1074003968
Hashed bucket: 
Cab Guid: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" Guid="{0ead09bd-2157-539a-8d6d-c87f95b64d70}" />
    <EventID>1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2024-05-28T13:14:04.3698879Z" />
    <EventRecordID>133093</EventRecordID>
    <Correlation />
    <Execution ProcessID="26904" ThreadID="57776" />
    <Channel>Application</Channel>
    <Computer>computername</Computer>
    <Security UserID="S-1-5-21-454296873-2031634406-4127363651-1001" />
  </System>
  <EventData>
    <Data Name="Bucket">
    </Data>
    <Data Name="BucketType">0</Data>
    <Data Name="EventName">GDIObjectLeak</Data>
    <Data Name="Response">Not available</Data>
    <Data Name="CabId">0</Data>
    <Data Name="P1">komorebi.exe</Data>
    <Data Name="P2">0.0.0.0</Data>
    <Data Name="P3">0.0</Data>
    <Data Name="P4">10</Data>
    <Data Name="P5">67fa84d4a60b2</Data>
    <Data Name="P6">
    </Data>
    <Data Name="P7">
    </Data>
    <Data Name="P8">
    </Data>
    <Data Name="P9">
    </Data>
    <Data Name="P10">
    </Data>
    <Data Name="AttachedFiles">
    </Data>
    <Data Name="StorePath">NULL</Data>
    <Data Name="AnalysisSymbol">
    </Data>
    <Data Name="Rechecking">0</Data>
    <Data Name="ReportId">d67637ee-65d0-4e85-ac8d-3315f15e49e9</Data>
    <Data Name="ReportStatus">1074003968</Data>
    <Data Name="HashedBucket">
    </Data>
    <Data Name="CabGuid">0</Data>
  </EventData>
</Event>

This commit ensures that HPEN and HBRUSH objects created to draw window borders are explicitly destroyed with calls to DeleteObject after EndPaint has been called. re #855

LGUG2Z · 2024-05-29T00:36:38Z

Thanks for grabbing this information! It looks like I was missing a few calls to DeleteObject before - I've added these in which should resolve the GDIObjectLeaks from the border manager at least; I'll need to take a look and see if we need to do something similar for the stackbar manager.

This commit ensures that HPEN, HBRUSH and HFONT objects which are used to draw stackbar tabs are explicitly destroyed with calls to DeleteObject after ReleaseDC has been called. re #855

LGUG2Z · 2024-05-29T00:42:34Z

Found some in the stackbar manager too which I've addressed above ^

This doesn't really address the Norton issue (not sure there is anything we can do for overzealous AV software) - but the info in this issue has definitely helped us improve the correctness of komorebi 🎉

Fydon · 2024-05-29T06:20:55Z

Thank you for the quick response. I think the next release will resolve it for now. If it happens again I'll know to check event viewer for more information.

Fydon · 2024-06-26T15:00:14Z

Since installing the update, I haven't seen any popups from Norton or logs in Event Viewer about leaks, so I think that this is resolved. Thank you.

Fydon added the bug Something isn't working label May 28, 2024

LGUG2Z added a commit that referenced this issue May 29, 2024

fix(borders): destroy hpen and hbrush objects

3232d92

This commit ensures that HPEN and HBRUSH objects created to draw window borders are explicitly destroyed with calls to DeleteObject after EndPaint has been called. re #855

Fydon closed this as completed Jun 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG]: Norton 360's Data Protector blocked a suspicious action #855

[BUG]: Norton 360's Data Protector blocked a suspicious action #855

Fydon commented May 28, 2024

LGUG2Z commented May 28, 2024 •

edited

Loading

Fydon commented May 28, 2024

Fydon commented May 28, 2024

LGUG2Z commented May 29, 2024

LGUG2Z commented May 29, 2024

Fydon commented May 29, 2024

Fydon commented Jun 26, 2024

[BUG]: Norton 360's Data Protector blocked a suspicious action #855

[BUG]: Norton 360's Data Protector blocked a suspicious action #855

Comments

Fydon commented May 28, 2024

LGUG2Z commented May 28, 2024 • edited Loading

Fydon commented May 28, 2024

Fydon commented May 28, 2024

LGUG2Z commented May 29, 2024

LGUG2Z commented May 29, 2024

Fydon commented May 29, 2024

Fydon commented Jun 26, 2024

LGUG2Z commented May 28, 2024 •

edited

Loading