ZeroToxiciti

Hey guys, my friend has been having issues with very frequent crashes (sessions of 2 hours at the very most before crashing). We've tried replacing his RAM, replacing his HDD with an SSD, and updating drivers. I have some of his latest minidumps here. One of these was with driver verifier active.
https://drive.google.com/drive/folders/119HoAOBM3RGVfG0YCs6W6RxBJ_OrHzDO?usp=sharing
Would really appreciate some help in figuring out what exactly is causing the problem, as replacing parts randomly is not a viable option for us.
 
updated bios is dated 2022-07-13 and has new drivers available. I would start with this as the first fix attempt.
current bios is dated 03/20/2017.

MSI Global - The Leading Brand in High-end Gaming & Professional Creation
best to do both the bios and driver updates
the assumption is that there have been so many bios AGESA updates that the windows updates are using the new interfaces and the bios is using the old version from 2017.
AGESA - Wikipedia
(just fyi)

microsoft used this file:
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
to attempt to patch the cpu microcode.
amd uses the ryzen master drivers to override the setting. Best to update the bios to get the patches installed rather than hoping microsoft .dll fixes the bad bios versions.
-----------
Debug session time: Thu Jan 12 01:00:48.149 2023 (UTC - 8:00)
System Uptime: 0 days 11:11:24.781

most current bugcheck
access violation while running microsoft defender
thread was swapped in, kernel address looks ok but was invalid.
one windows core file has been modified:
\SystemRoot\System32\win32kfull.sys unavailable (00000000)

will look at the other dumps to see if I can find a trend.
machine info:
BaseBoardManufacturer = MSI
BaseBoardProduct = X370 GAMING PRO (MS-7A33)
BaseBoardVersion = 2.0
BiosMajorRelease = 5
BiosMinorRelease = 12
BiosVendor = American Megatrends Inc.
BiosVersion = 4.00
BiosReleaseDate = 03/20/2017
SystemManufacturer = MSI
SystemProductName = MS-7A33

Processor Version AMD Ryzen 5 1600 Six-Core Processor
Processor Voltage 8ch - 1.2V
External Clock 100MHz
Max Speed 3900MHz
 
second oldest bugcheck was in
multimedia class scheduler service, it got swapped in and the kernel address looks valid but was not

3 windows core files modified
win32k.sys
win32base.sys
win32kfull.sys
Debug session time: Thu Jan 12 03:14:33.092 2023 (UTC - 8:00)
System Uptime: 0 days 1:24:34.725
 
I looked at a few of the other bugchecks, all of the bugchecks happen when a thread is swapped in but the kernel address has been slightly modified. I would guess you have malware trying to get into your system. you should do the bios update to get the various fixes for the known amd attacks. then boot windows and update the drivers for the CPU chipset. then I would turn off windows virtual memory to delete the hidden pagefile.sys and reboot and turn it back on to make a clean one. I would then run cmd.exe as an admin and run
sfc.exe /scannow
DISM.exe /Online /Cleanup-Image /Restorehealth
then run a malware scan

note:
jan 12 at 1:00 1 windows core file modified
jan 12 at 3:14 3 windows core files modified

the bad kernel address used a pattern that looked like a program probing memory addresses by adding small offsets

you might also download microsoft rammap64
find the empty menu item and select each of them. mainly to remove the standby list and remove a bunch of places where malware can hide its code.
RAMMap - Sysinternals | Microsoft Learn
 

ZeroToxiciti

Thank you so much for the incredibly detailed response. We ended up updating the BIOS like you said and that seemed to have done the job already. Will follow through with the other instructions if problems arise again.
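
The firmware-age check from the first reply can be scripted when triaging several dumps. This is an added example, not code from any poster in this thread: it parses the `Key = Value` machine-info lines and the `Debug session time` line shown above and reports how old the BIOS was at crash time. The function names and the 730-day threshold are assumptions chosen for illustration.

```python
import re
from datetime import date

# Constructed sample: lines copied from the dump summary quoted in this thread.
SAMPLE = """\
Debug session time: Thu Jan 12 01:00:48.149 2023 (UTC - 8:00)
System Uptime: 0 days 11:11:24.781
BaseBoardProduct = X370 GAMING PRO (MS-7A33)
BiosVendor = American Megatrends Inc.
BiosVersion = 4.00
BiosReleaseDate = 03/20/2017
"""

MONTHS = {m: i + 1 for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split())}
KV = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")
SESSION = re.compile(
    r"^Debug session time:\s+\w{3}\s+(\w{3})\s+(\d{1,2})\s+[\d:.]+\s+(\d{4})")

def parse_summary(text):
    """Return (fields, crash_date) from a pasted debugger summary."""
    fields, crash = {}, None
    for line in text.splitlines():
        m = SESSION.match(line)
        if m:
            mon, day, year = m.groups()
            crash = date(int(year), MONTHS[mon], int(day))
            continue
        m = KV.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields, crash

def firmware_age_days(text):
    """Days between BiosReleaseDate (mm/dd/yyyy) and the crash, or None."""
    fields, crash = parse_summary(text)
    m = re.fullmatch(r"(\d{2})/(\d{2})/(\d{4})", fields.get("BiosReleaseDate", ""))
    if m is None or crash is None:
        return None  # summary is missing one of the two dates
    month, day, year = map(int, m.groups())
    return (crash - date(year, month, day)).days

def triage(text, max_age_days=730):  # threshold is an assumed policy value
    age = firmware_age_days(text)
    if age is None:
        return "unknown"
    return "stale-firmware" if age > max_age_days else "ok"

if __name__ == "__main__":
    print(firmware_age_days(SAMPLE), triage(SAMPLE))
```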