- ========================== AUTO DUMP ANALYZER ==========================
- Auto Dump Analyzer
- Version: 0.91
- Time to analyze file(s): 00 hours and 01 minutes and 39 seconds
- ================================= CPU ==================================
- COUNT: 4
- MHZ: 3912
- VENDOR: GenuineIntel
- FAMILY: 6
- MODEL: 9e
- STEPPING: 9
- ================================== OS ==================================
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 18362.1.amd64fre.19h1_release.190318-1202
- BUILD_VERSION: 10.0.18362.418 (WinBuild.160101.0800)
- BUILD: 18362
- SERVICEPACK: 418
- PLATFORM_TYPE: x64
- NAME: Windows 10
- EDITION: Windows 10 WinNt TerminalServer SingleUserTS
- BUILD_TIMESTAMP: unknown_date
- BUILDDATESTAMP: 160101.0800
- BUILDLAB: WinBuild
- BUILDOSVER: 10.0.18362.418
- =============================== DEBUGGER ===============================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- =============================== COMMENTS ===============================
- * Information gathered from different dump files may be different. If
- Windows updates between two dump files, two or more OS versions may
- be shown above.
- * Additional BIOS information was not included in the dump file(s). This
- can be caused by an outdated BIOS.
- ========================================================================
- ======================= Dump #1: ANALYZE VERBOSE =======================
- ====================== File: 072320-61218-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 18362 MP (4 procs) Free x64
- Kernel base = 0xfffff806`46800000 PsLoadedModuleList = 0xfffff806`46c48210
- Debug session time: Thu Jul 23 06:20:19.629 2020 (UTC - 4:00)
- System Uptime: 0 days 23:00:43.303
- BugCheck 154, {ffffb188127a4000, ffffc50c9add5f00, 2, 0}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : hardware_disk
- Followup: MachineOwner
- UNEXPECTED_STORE_EXCEPTION (154)
- The store component caught an unexpected exception.
- Arguments:
- Arg1: ffffb188127a4000, Pointer to the store context or data manager
- Arg2: ffffc50c9add5f00, Exception information
- Arg3: 0000000000000002, Reserved
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- EXCEPTION_RECORD: ffffc50c9add6ea8 -- (.exr 0xffffc50c9add6ea8)
- ExceptionAddress: fffff8064695e150 (nt!RtlDecompressBufferXpressLz+0x0000000000000050)
- ExceptionCode: c0000006 (In-page I/O error)
- ExceptionFlags: 00000000
- NumberParameters: 3
- Parameter[0]: 0000000000000000
- Parameter[1]: 000002298b14efe0
- Parameter[2]: 00000000c0000483
- Inpage operation failed at 000002298b14efe0, due to I/O error 00000000c0000483
- EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
- FAULTING_IP:
- nt!RtlDecompressBufferXpressLz+50
- fffff806`4695e150 418b08 mov ecx,dword ptr [r8]
- FOLLOWUP_IP:
- +0
- 00000229`8b14efe0 ?? ???
- EXCEPTION_PARAMETER1: 0000000000000000
- EXCEPTION_PARAMETER2: 000002298b14efe0
- CONTEXT: ffffc50c9add66f0 -- (.cxr 0xffffc50c9add66f0)
- rax=fffff8064695e100 rbx=0000000000000000 rcx=ffff8000fcd67000
- rdx=ffff8000fcd67000 rsi=0000000000000002 rdi=000002298b14efe0
- rip=fffff8064695e150 rsp=ffffc50c9add70e8 rbp=ffff8000fcd67000
- r8=000002298b14efe0 r9=0000000000000222 r10=ffff8000fcd67ea0
- r11=000002298b14f202 r12=ffffc50c9add7378 r13=ffffb18818671000
- r14=000002298b14f1ac r15=ffff8000fcd68000
- iopl=0 nv up ei pl zr na po nc
- cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00050246
- nt!RtlDecompressBufferXpressLz+0x50:
- fffff806`4695e150 418b08 mov ecx,dword ptr [r8] ds:002b:00000229`8b14efe0=????????
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: MemCompression
- CURRENT_IRQL: 0
- ERROR_CODE: (NTSTATUS) 0xc0000006 - The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
- EXCEPTION_CODE_STR: c0000006
- EXCEPTION_PARAMETER3: 00000000c0000483
- IO_ERROR: (NTSTATUS) 0xc0000483 - The request failed due to a fatal device hardware error.
- EXCEPTION_STR: 0xc0000006_c0000483
- BUGCHECK_STR: 0x154_c0000006_c0000483
- STACK_TEXT:
- ffffc50c`9add5e48 fffff806`46b21aea : 00000000`00000154 ffffb188`127a4000 ffffc50c`9add5f00 00000000`00000002 : nt!KeBugCheckEx
- ffffc50c`9add5e50 fffff806`469db1de : ffffb188`127a4000 ffffc50c`9add5f00 fffff806`00000002 fffff806`46833926 : nt!SMKM_STORE<SM_TRAITS>::SmStUnhandledExceptionFilter+0x7e
- ffffc50c`9add5ea0 fffff806`4699c399 : ffffc50c`00000002 ffffc50c`9add73d0 ffffc50c`9add1000 ffffc50c`9add8000 : nt!`SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue'::`1'::filt$0+0x22
- ffffc50c`9add5ed0 fffff806`469ca04f : ffffc50c`9add73d0 ffffc50c`9add64b0 00000000`00000000 00000000`0010001f : nt!_C_specific_handler+0xa9
- ffffc50c`9add5f40 fffff806`468c3375 : 00000000`00000000 00000000`00000000 ffffc50c`9add64b0 00007fff`ffff0000 : nt!RtlpExecuteHandlerForException+0xf
- ffffc50c`9add5f70 fffff806`468c790e : ffffc50c`9add6ea8 ffffc50c`9add6bf0 ffffc50c`9add6ea8 00000229`8b14efe0 : nt!RtlDispatchException+0x4a5
- ffffc50c`9add66c0 fffff806`469d321d : ffffb188`127a0600 fffff806`46886c8d 00000000`00010000 ffffc50c`9add6f50 : nt!KiDispatchException+0x16e
- ffffc50c`9add6d70 fffff806`469cf405 : 00000000`00000000 00000000`00000000 ffffc50c`9add7378 00000000`00000000 : nt!KiExceptionDispatch+0x11d
- ffffc50c`9add6f50 fffff806`4695e150 : ffff8000`fcd67000 ffffb188`127a4050 fffff806`4685cfc0 ffff8000`fcd67000 : nt!KiPageFault+0x445
- ffffc50c`9add70e8 fffff806`4685cfc0 : ffff8000`fcd67000 ffff8000`fcd67000 00000000`00000002 00000229`8b14efe0 : nt!RtlDecompressBufferXpressLz+0x50
- ffffc50c`9add7100 fffff806`4695fed9 : 00000000`00000000 fffff806`00000001 00000000`00000000 ffffb188`127a5788 : nt!RtlDecompressBufferEx+0x60
- ffffc50c`9add7150 fffff806`4695fd64 : 00000000`00000004 ffffc50c`9add7360 00000000`00000000 00000000`00000bd4 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- ffffc50c`9add7230 fffff806`4695fbe2 : 00000000`00000001 00000000`0000efe0 ffffb188`0000efe0 ffffb188`00008000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffffc50c`9add7280 fffff806`4695fa0b : 00000000`ffffffff ffffb188`18671000 ffffc50c`9add7360 ffffb188`17313250 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffffc50c`9add7320 fffff806`4695f851 : ffffb188`18671000 00000000`00000000 00000000`00000001 ffffb188`127a5788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffffc50c`9add73d0 fffff806`4695f761 : ffffb188`127a4000 ffffb188`17313250 ffffb188`18671000 ffffb188`127a59b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffffc50c`9add7450 fffff806`46869e18 : ffffb188`14b020c0 ffffb188`127a4000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffffc50c`9add7480 fffff806`46962cc1 : fffff806`4695f740 ffffc50c`9add7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffffc50c`9add74f0 fffff806`4694b941 : ffffc50c`9add75f0 fffff806`46d8db78 ffffb188`127a4000 ffffc50c`9add7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffffc50c`9add75c0 fffff806`4694b527 : 00000000`0000000c ffffb188`127a4000 ffffc50c`9add7670 ffffb188`17313250 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffffc50c`9add7610 fffff806`46961fd3 : 00000000`0000000c ffffb188`17313250 00000000`00000008 00000000`00000008 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffffc50c`9add76a0 fffff806`469636af : ffffb188`00000008 ffffb188`18318930 00000000`00000000 ffffb188`127a4000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffffc50c`9add7710 fffff806`4688e05b : ffffb188`12b93580 00000000`00000001 ffffb188`12b93640 fffff806`46874ee6 : nt!SmPageRead+0x33
- ffffc50c`9add7760 fffff806`4688d759 : 00000000`00000002 ffffc50c`9add77f0 ffffc50c`9add7958 fffff97c`80000240 : nt!MiIssueHardFaultIo+0x117
- ffffc50c`9add77b0 fffff806`46872f9b : 00000000`c0033333 00000000`00000001 00000000`090c5fac ffffb188`0f15c960 : nt!MiIssueHardFault+0x489
- ffffc50c`9add7860 fffff806`469cf320 : 00000000`00000001 ffffc50c`9add7a80 00000000`1b6db000 ffffc50c`9add7a80 : nt!MmAccessFault+0x40b
- ffffc50c`9add7a00 00000000`1cc7cbb1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
- 00000000`2328f064 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1cc7cbb1
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80646873034-fffff80646873038 5 bytes - nt!MmAccessFault+4a4
- [ df be 7d fb f6:2f 5f be 7c f9 ]
- fffff806468b17e7-fffff806468b17e8 2 bytes - nt!MiTerminateWsleCluster+b7 (+0x3e7b3)
- [ 80 f6:00 f9 ]
- fffff806468b184f-fffff806468b1853 5 bytes - nt!MiTerminateWsleCluster+11f (+0x68)
- [ d7 be 7d fb f6:27 5f be 7c f9 ]
- fffff806468b185d - nt!MiTerminateWsleCluster+12d (+0x0e)
- [ fa:95 ]
- fffff806468b187b-fffff806468b187c 2 bytes - nt!MiTerminateWsleCluster+14b (+0x1e)
- [ ff f6:7f f9 ]
- fffff806468b1882-fffff806468b1886 5 bytes - nt!MiTerminateWsleCluster+152 (+0x07)
- [ d0 be 7d fb f6:20 5f be 7c f9 ]
- fffff8064692066d - nt!MiZeroLargePage+39 (+0x6edeb)
- [ fa:95 ]
- fffff806469206c4 - nt!MiZeroLargePage+90 (+0x57)
- [ fa:95 ]
- fffff80646963797-fffff80646963798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0x430d3)
- [ 48 ff:4c 8b ]
- fffff8064696379e-fffff806469637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
- [ 0f 1f 44 00:e8 1d 40 95 ]
- fffff80646a2c077-fffff80646a2c07b 5 bytes - nt!MiUpdatePrefetchPriority+16dbe7 (+0xc88d9)
- [ d7 be 7d fb f6:27 5f be 7c f9 ]
- 33 errors : !nt (fffff80646873034-fffff80646a2c07b)
- THREAD_SHA1_HASH_MOD_FUNC: be91335f728989fad5a9a5641f89ffee7fe3c14c
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 284d6f66330e36aa06844fea7f04f02730e9e11d
- THREAD_SHA1_HASH_MOD: 901685eb5ed44e617e07e22622321d209483595d
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: hardware_disk
- IMAGE_NAME: hardware_disk
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- FAILURE_BUCKET_ID: 0x154_c0000006_c0000483_IMAGE_hardware_disk
- BUCKET_ID: 0x154_c0000006_c0000483_IMAGE_hardware_disk
- PRIMARY_PROBLEM_CLASS: 0x154_c0000006_c0000483_IMAGE_hardware_disk
- TARGET_TIME: 2020-07-23T10:20:19.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:0x154_c0000006_c0000483_image_hardware_disk
- FAILURE_ID_HASH: {d170a5ab-ac8b-0fed-3160-792217daec42}
- Followup: MachineOwner
- ====================== Dump #1: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
- May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
- Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Feb 12 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
- Apr 28 2020 - klgse.sys - Kaspersky Security Extender driver
- Apr 28 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- May 19 2020 - igdkmd64.sys - Intel HD graphics driver
- Jun 11 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Jun 13 2020 - vgk.sys - Vanguard Anti-Cheat driver
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
- Image name: AsUpIO.sys
- Search : https://www.google.com/search?q=AsUpIO.sys
- ADA Info : ASUS Update Input Output driver http://www.asus.com/
- Timestamp : Mon Aug 2 2010
- Image path: \SystemRoot\System32\drivers\ScpVBus.sys
- Image name: ScpVBus.sys
- Search : https://www.google.com/search?q=ScpVBus.sys
- ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Timestamp : Sun May 5 2013
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
- Image name: SCDEmu.SYS
- Search : https://www.google.com/search?q=SCDEmu.SYS
- ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Timestamp : Tue Jun 6 2017
- Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Sun Nov 19 2017
- File version: 11.7.0.1057
- Product version: 11.7.0.1057
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- CompanyName: Intel Corporation
- ProductName: Intel(R) Management Engine Interface
- InternalName: TeeDriverx64.sys
- OriginalFilename: TeeDriverx64.sys
- ProductVersion: 11.7.0.1057
- FileVersion: 11.7.0.1057
- FileDescription: Intel(R) Management Engine Interface
- LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
- Image path: \SystemRoot\System32\drivers\kltap.sys
- Image name: kltap.sys
- Search : https://www.google.com/search?q=kltap.sys
- ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
- Timestamp : Fri Mar 16 2018
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Nov 13 2018
- Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
- Image name: klupd_klif_kimul.sys
- Search : https://www.google.com/search?q=klupd_klif_kimul.sys
- ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Timestamp : Tue Jan 22 2019
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\womic.sys
- Image name: womic.sys
- Search : https://www.google.com/search?q=womic.sys
- ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Timestamp : Wed Jul 3 2019
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Wed Feb 12 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
- Image name: IntcDAud.sys
- Search : https://www.google.com/search?q=IntcDAud.sys
- ADA Info : Intel Display Audio Driver http://www.intel.com/
- Timestamp : Tue Feb 25 2020
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
- Image name: klupd_klif_klark.sys
- Search : https://www.google.com/search?q=klupd_klif_klark.sys
- ADA Info : Kaspersky https://www.kaspersky.com/
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
- Image name: tapprotonvpn.sys
- Search : https://www.google.com/search?q=tapprotonvpn.sys
- ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
- Timestamp : Thu Apr 2 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Tue Apr 28 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Tue Apr 28 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
- Image name: igdkmd64.sys
- Search : https://www.google.com/search?q=igdkmd64.sys
- ADA Info : Intel HD graphics driver
- Timestamp : Tue May 19 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Thu Jun 11 2020
- Image path: \??\C:\Program Files\Riot Vanguard\vgk.sys
- Image name: vgk.sys
- Search : https://www.google.com/search?q=vgk.sys
- ADA Info : Vanguard Anti-Cheat driver
- Timestamp : Sat Jun 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #1: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdpvideominiport.sys RDP Video Miniport driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winquic.sys QUIC Transport Protocol driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #1: UNLOADED MODULES =======================
- fffff806`44800000 fffff806`4496a000 EasyAntiChea
- fffff806`454e0000 fffff806`454ef000 hiber_storpo
- fffff806`454f0000 fffff806`4551f000 hiber_storah
- fffff806`45520000 fffff806`4553e000 hiber_dumpfv
- fffff806`52820000 fffff806`52859000 klids.sys
- fffff806`51490000 fffff806`5149f000 dump_storpor
- fffff806`514d0000 fffff806`514ff000 dump_storahc
- fffff806`51520000 fffff806`5153e000 dump_dumpfve
- fffff806`543d0000 fffff806`543db000 klpnpflt.sys
- fffff806`54360000 fffff806`5436b000 klpnpflt.sys
- fffff806`52690000 fffff806`5269b000 klpnpflt.sys
- fffff806`528c0000 fffff806`528de000 dam.sys
- fffff806`499b0000 fffff806`499be000 klelam.sys
- fffff806`4a9e0000 fffff806`4a9f0000 hwpolicy.sys
- ====================== Dump #1: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #1: Extra #1 ===========================
- 1: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #1: Extra #2 ===========================
- 1: kd> !thread
- THREAD ffffb18814b020c0 Cid 1280.2418 Teb: 000000001b6db000 Win32Thread: 0000000000000000 RUNNING on processor 1
- Not impersonating
- GetUlongFromAddress: unable to read from fffff80646c2ca14
- Owning Process ffffb18812b93080 Image: System Process
- Attached Process ffffb188127a0040 Image: MemCompression
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 5301971
- Context Switch Count 739818 IdealProcessor: 1
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x0000000066d40018
- Stack Init ffffc50c9add7b90 Current ffffc50c9add6800
- Base ffffc50c9add8000 Limit ffffc50c9add1000 Call 0000000000000000
- Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffffc50c`9add5e48 fffff806`46b21aea : 00000000`00000154 ffffb188`127a4000 ffffc50c`9add5f00 00000000`00000002 : nt!KeBugCheckEx
- ffffc50c`9add5e50 fffff806`469db1de : ffffb188`127a4000 ffffc50c`9add5f00 fffff806`00000002 fffff806`46833926 : nt!SMKM_STORE<SM_TRAITS>::SmStUnhandledExceptionFilter+0x7e
- ffffc50c`9add5ea0 fffff806`4699c399 : ffffc50c`00000002 ffffc50c`9add73d0 ffffc50c`9add1000 ffffc50c`9add8000 : nt!`SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue'::`1'::filt$0+0x22
- ffffc50c`9add5ed0 fffff806`469ca04f : ffffc50c`9add73d0 ffffc50c`9add64b0 00000000`00000000 00000000`0010001f : nt!_C_specific_handler+0xa9
- ffffc50c`9add5f40 fffff806`468c3375 : 00000000`00000000 00000000`00000000 ffffc50c`9add64b0 00007fff`ffff0000 : nt!RtlpExecuteHandlerForException+0xf
- ffffc50c`9add5f70 fffff806`468c790e : ffffc50c`9add6ea8 ffffc50c`9add6bf0 ffffc50c`9add6ea8 00000229`8b14efe0 : nt!RtlDispatchException+0x4a5
- ffffc50c`9add66c0 fffff806`469d321d : ffffb188`127a0600 fffff806`46886c8d 00000000`00010000 ffffc50c`9add6f50 : nt!KiDispatchException+0x16e
- ffffc50c`9add6d70 fffff806`469cf405 : 00000000`00000000 00000000`00000000 ffffc50c`9add7378 00000000`00000000 : nt!KiExceptionDispatch+0x11d
- ffffc50c`9add6f50 fffff806`4695e150 : ffff8000`fcd67000 ffffb188`127a4050 fffff806`4685cfc0 ffff8000`fcd67000 : nt!KiPageFault+0x445 (TrapFrame @ ffffc50c`9add6f50)
- ffffc50c`9add70e8 fffff806`4685cfc0 : ffff8000`fcd67000 ffff8000`fcd67000 00000000`00000002 00000229`8b14efe0 : nt!RtlDecompressBufferXpressLz+0x50
- ffffc50c`9add7100 fffff806`4695fed9 : 00000000`00000000 fffff806`00000001 00000000`00000000 ffffb188`127a5788 : nt!RtlDecompressBufferEx+0x60
- ffffc50c`9add7150 fffff806`4695fd64 : 00000000`00000004 ffffc50c`9add7360 00000000`00000000 00000000`00000bd4 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- ffffc50c`9add7230 fffff806`4695fbe2 : 00000000`00000001 00000000`0000efe0 ffffb188`0000efe0 ffffb188`00008000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffffc50c`9add7280 fffff806`4695fa0b : 00000000`ffffffff ffffb188`18671000 ffffc50c`9add7360 ffffb188`17313250 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffffc50c`9add7320 fffff806`4695f851 : ffffb188`18671000 00000000`00000000 00000000`00000001 ffffb188`127a5788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffffc50c`9add73d0 fffff806`4695f761 : ffffb188`127a4000 ffffb188`17313250 ffffb188`18671000 ffffb188`127a59b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffffc50c`9add7450 fffff806`46869e18 : ffffb188`14b020c0 ffffb188`127a4000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffffc50c`9add7480 fffff806`46962cc1 : fffff806`4695f740 ffffc50c`9add7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffffc50c`9add74f0 fffff806`4694b941 : ffffc50c`9add75f0 fffff806`46d8db78 ffffb188`127a4000 ffffc50c`9add7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffffc50c`9add75c0 fffff806`4694b527 : 00000000`0000000c ffffb188`127a4000 ffffc50c`9add7670 ffffb188`17313250 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffffc50c`9add7610 fffff806`46961fd3 : 00000000`0000000c ffffb188`17313250 00000000`00000008 00000000`00000008 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffffc50c`9add76a0 fffff806`469636af : ffffb188`00000008 ffffb188`18318930 00000000`00000000 ffffb188`127a4000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffffc50c`9add7710 fffff806`4688e05b : ffffb188`12b93580 00000000`00000001 ffffb188`12b93640 fffff806`46874ee6 : nt!SmPageRead+0x33
- ffffc50c`9add7760 fffff806`4688d759 : 00000000`00000002 ffffc50c`9add77f0 ffffc50c`9add7958 fffff97c`80000240 : nt!MiIssueHardFaultIo+0x117
- ffffc50c`9add77b0 fffff806`46872f9b : 00000000`c0033333 00000000`00000001 00000000`090c5fac ffffb188`0f15c960 : nt!MiIssueHardFault+0x489
- ffffc50c`9add7860 fffff806`469cf320 : 00000000`00000001 ffffc50c`9add7a80 00000000`1b6db000 ffffc50c`9add7a80 : nt!MmAccessFault+0x40b
- ffffc50c`9add7a00 00000000`1cc7cbb1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360 (TrapFrame @ ffffc50c`9add7a00)
- 00000000`2328f064 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x1cc7cbb1
- ========================================================================
- ======================= Dump #2: ANALYZE VERBOSE =======================
- ====================== File: 072220-64359-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 18362 MP (4 procs) Free x64
- Kernel base = 0xfffff805`26a00000 PsLoadedModuleList = 0xfffff805`26e48210
- Debug session time: Wed Jul 22 06:46:20.997 2020 (UTC - 4:00)
- System Uptime: 1 days 1:37:12.190
- BugCheck 1E, {ffffffffc0000006, fffff8052704d3bf, 0, 193c53f3008}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- KMODE_EXCEPTION_NOT_HANDLED (1e)
- This is a very common bugcheck. Usually the exception address pinpoints
- the driver/function that caused the problem. Always note this address
- as well as the link date of the driver/image that contains this address.
- Arguments:
- Arg1: ffffffffc0000006, The exception code that was not handled
- Arg2: fffff8052704d3bf, The address that the exception occurred at
- Arg3: 0000000000000000, Parameter 0 of the exception
- Arg4: 00000193c53f3008, Parameter 1 of the exception
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
- FAULTING_IP:
- nt!HvpFindFreeCellInBin+f
- fffff805`2704d3bf 458b5908 mov r11d,dword ptr [r9+8]
- EXCEPTION_PARAMETER2: 00000193c53f3008
- BUGCHECK_STR: 0x1E_c0000006
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: Registry
- CURRENT_IRQL: 0
- EXCEPTION_RECORD: ffffaf046f304640 -- (.exr 0xffffaf046f304640)
- ExceptionAddress: 0000000000000000
- ExceptionCode: 00000000
- ExceptionFlags: 00000000
- NumberParameters: 0
- TRAP_FRAME: 0000000000008000 -- (.trap 0x8000)
- Unable to read trap frame at 00000000`00008000
- LAST_CONTROL_TRANSFER: from fffff80526c2fd3f to fffff80526bc1220
- STACK_TEXT:
- fffff60c`ad57e588 fffff805`26c2fd3f : 00000000`0000001e ffffffff`c0000006 fffff805`2704d3bf 00000000`00000000 : nt!KeBugCheckEx
- fffff60c`ad57e590 fffff805`26bd321d : ffffaf04`6f304640 fffff805`26a86c8d 00000000`00008000 fffff60c`ad57ee20 : nt!KiDispatchException+0x16859f
- fffff60c`ad57ec40 fffff805`26bcf405 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x11d
- fffff60c`ad57ee20 fffff805`2704d3bf : 00000000`00000000 00000000`ffffffff 00000000`001ff000 ffff9a88`97aa0000 : nt!KiPageFault+0x445
- fffff60c`ad57efb0 fffff805`2704d0d4 : 00000000`00000120 00000000`001ff000 00000000`00011ae7 ffff9a88`97aa0000 : nt!HvpFindFreeCellInBin+0xf
- fffff60c`ad57efe0 fffff805`2704d1e9 : ffff9a88`97aa0050 00000000`00003063 00000000`00000068 ffff9a88`03062000 : nt!HvpFindFreeCell+0x120
- fffff60c`ad57f060 fffff805`27053a76 : ffff9a88`97aa0000 00000000`00000000 ffff9a88`97aa0000 fffff60c`ad57f130 : nt!HvpDoAllocateCell+0x75
- fffff60c`ad57f0f0 fffff805`27051a72 : 00000000`00000000 ffff9a88`97aa0000 00000193`c53f4e0c fffff60c`ad57f1b0 : nt!HvReallocateCell+0xba
- fffff60c`ad57f170 fffff805`2704adf0 : 01d66015`56260d6f 00000000`00000000 ffff9a88`97aec930 fffff60c`00000003 : nt!CmpSetValueKeyExisting+0x22a
- fffff60c`ad57f1e0 fffff805`2704a776 : fffff60c`00000001 fffff60c`ad57f480 00000000`00000000 00000004`ffffff01 : nt!CmSetValueKey+0x520
- fffff60c`ad57f380 fffff805`26bd2b15 : 00000000`ffffffff fffff805`26a71006 fffff60c`ad57f6a0 00000000`00000000 : nt!NtSetValueKey+0x646
- fffff60c`ad57f570 fffff805`26bc5060 : fffff805`2700e71b 00000000`00000000 fffff60c`ad57fa80 ffff9a88`9c154400 : nt!KiSystemServiceCopyEnd+0x25
- fffff60c`ad57f778 fffff805`2700e71b : 00000000`00000000 fffff60c`ad57fa80 ffff9a88`9c154400 fffff805`00000000 : nt!KiServiceLinkage
- fffff60c`ad57f780 fffff805`2700c6a2 : 00000000`0000005a 00000000`00000000 fffff60c`ad57fa80 00000000`0000005a : nt!ExpWnfWriteStateData+0x173
- fffff60c`ad57f890 fffff805`26bd2b15 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffaf04`7f289800 : nt!NtUpdateWnfStateData+0x262
- fffff60c`ad57f990 00007ff8`ecbdf9b4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
- 00000068`fb8fd9d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`ecbdf9b4
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !FLTMGR
- fffff805294fef25-fffff805294fef26 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+35
- [ 48 ff:4c 8b ]
- fffff805294fef2c-fffff805294fef30 5 bytes - FLTMGR!DeleteStreamListCtrlCallback+3c (+0x07)
- [ 0f 1f 44 00 00:e8 df 74 56 fd ]
- fffff805294fef3a-fffff805294fef3b 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+4a (+0x0e)
- [ 48 ff:4c 8b ]
- fffff805294fef41-fffff805294fef45 5 bytes - FLTMGR!DeleteStreamListCtrlCallback+51 (+0x07)
- [ 0f 1f 44 00 00:e8 8a 81 53 fd ]
- fffff805294fef8a-fffff805294fef8b 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+9a (+0x49)
- [ 48 ff:4c 8b ]
- fffff805294fef91-fffff805294fef97 7 bytes - FLTMGR!DeleteStreamListCtrlCallback+a1 (+0x07)
- [ 0f 1f 44 00 00 48 ff:e8 ba 79 53 fd 4c 8b ]
- fffff805294fef9d-fffff805294fefa1 5 bytes - FLTMGR!DeleteStreamListCtrlCallback+ad (+0x0c)
- [ 0f 1f 44 00 00:e8 2e 74 56 fd ]
- 28 errors : !FLTMGR (fffff805294fef25-fffff805294fefa1)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-07-22T10:46:20.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #2: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
- May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Jun 03 2016 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
- Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Feb 12 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
- Apr 28 2020 - klgse.sys - Kaspersky Security Extender driver
- Apr 28 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- May 19 2020 - igdkmd64.sys - Intel HD graphics driver
- Jun 11 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Jun 13 2020 - vgk.sys - Vanguard Anti-Cheat driver
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #2: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
- Image name: AsUpIO.sys
- Search : https://www.google.com/search?q=AsUpIO.sys
- ADA Info : ASUS Update Input Output driver http://www.asus.com/
- Timestamp : Mon Aug 2 2010
- Image path: \SystemRoot\System32\drivers\ScpVBus.sys
- Image name: ScpVBus.sys
- Search : https://www.google.com/search?q=ScpVBus.sys
- ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Timestamp : Sun May 5 2013
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Fri Jun 3 2016
- Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
- Image name: SCDEmu.SYS
- Search : https://www.google.com/search?q=SCDEmu.SYS
- ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Timestamp : Tue Jun 6 2017
- Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Sun Nov 19 2017
- File version: 11.7.0.1057
- Product version: 11.7.0.1057
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- CompanyName: Intel Corporation
- ProductName: Intel(R) Management Engine Interface
- InternalName: TeeDriverx64.sys
- OriginalFilename: TeeDriverx64.sys
- ProductVersion: 11.7.0.1057
- FileVersion: 11.7.0.1057
- FileDescription: Intel(R) Management Engine Interface
- LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
- Image path: \SystemRoot\System32\drivers\kltap.sys
- Image name: kltap.sys
- Search : https://www.google.com/search?q=kltap.sys
- ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
- Timestamp : Fri Mar 16 2018
- Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
- Image name: klupd_klif_kimul.sys
- Search : https://www.google.com/search?q=klupd_klif_kimul.sys
- ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Timestamp : Tue Jan 22 2019
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\womic.sys
- Image name: womic.sys
- Search : https://www.google.com/search?q=womic.sys
- ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Timestamp : Wed Jul 3 2019
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Wed Feb 12 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
- Image name: IntcDAud.sys
- Search : https://www.google.com/search?q=IntcDAud.sys
- ADA Info : Intel Display Audio Driver http://www.intel.com/
- Timestamp : Tue Feb 25 2020
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
- Image name: klupd_klif_klark.sys
- Search : https://www.google.com/search?q=klupd_klif_klark.sys
- ADA Info : Kaspersky https://www.kaspersky.com/
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
- Image name: tapprotonvpn.sys
- Search : https://www.google.com/search?q=tapprotonvpn.sys
- ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
- Timestamp : Thu Apr 2 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Tue Apr 28 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Tue Apr 28 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
- Image name: igdkmd64.sys
- Search : https://www.google.com/search?q=igdkmd64.sys
- ADA Info : Intel HD graphics driver
- Timestamp : Tue May 19 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Thu Jun 11 2020
- Image path: \??\C:\Program Files\Riot Vanguard\vgk.sys
- Image name: vgk.sys
- Search : https://www.google.com/search?q=vgk.sys
- ADA Info : Vanguard Anti-Cheat driver
- Timestamp : Sat Jun 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #2: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdpvideominiport.sys RDP Video Miniport driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winquic.sys QUIC Transport Protocol driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- xusb22.sys Xbox 360 Common Controller for Windows driver (Microsoft)
- ====================== Dump #2: UNLOADED MODULES =======================
- fffff805`34ef0000 fffff805`34eff000 hiber_storpo
- fffff805`30c30000 fffff805`30c5f000 hiber_storah
- fffff805`36fe0000 fffff805`36ffe000 hiber_dumpfv
- fffff805`351c0000 fffff805`351d9000 monitor.sys
- fffff805`30c00000 fffff805`30c21000 xusb22.sys
- fffff805`36fe0000 fffff805`36ff1000 libusbK.sys
- fffff805`36fe0000 fffff805`36ff1000 libusbK.sys
- fffff805`280e0000 fffff805`2824a000 EasyAntiChea
- fffff805`36fe0000 fffff805`36ff1000 libusbK.sys
- fffff805`32340000 fffff805`32379000 klids.sys
- fffff805`30fb0000 fffff805`30fbf000 dump_storpor
- fffff805`30c00000 fffff805`30c2f000 dump_storahc
- fffff805`30c50000 fffff805`30c6e000 dump_dumpfve
- fffff805`34f60000 fffff805`34f6b000 klpnpflt.sys
- fffff805`34ef0000 fffff805`34efb000 klpnpflt.sys
- fffff805`34900000 fffff805`3490b000 klpnpflt.sys
- fffff805`323e0000 fffff805`323fe000 dam.sys
- fffff805`299b0000 fffff805`299be000 klelam.sys
- fffff805`2a9e0000 fffff805`2a9f0000 hwpolicy.sys
- ====================== Dump #2: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #2: Extra #1 ===========================
- 2: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #2: Extra #2 ===========================
- 2: kd> !thread
- THREAD ffffaf047e892080 Cid 2190.0b00 Teb: 00000068fb645000 Win32Thread: 0000000000000000 RUNNING on processor 2
- Not impersonating
- GetUlongFromAddress: unable to read from fffff80526e2ca14
- Owning Process ffffaf047e80b080 Image: System Process
- Attached Process ffffaf046f304080 Image: Registry
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 5902860
- Context Switch Count 87 IdealProcessor: 0
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff8ecb73d60
- Stack Init fffff60cad57fb90 Current fffff60cad57dae0
- Base fffff60cad580000 Limit fffff60cad579000 Call 0000000000000000
- Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Scheduling Group: ffffaf0479710820 <Cannot find Rank field of nt!_KSCB> KSCB: ffffaf0479710bf0 rank 0
- Child-SP RetAddr : Args to Child : Call Site
- fffff60c`ad57e588 fffff805`26c2fd3f : 00000000`0000001e ffffffff`c0000006 fffff805`2704d3bf 00000000`00000000 : nt!KeBugCheckEx
- fffff60c`ad57e590 fffff805`26bd321d : ffffaf04`6f304640 fffff805`26a86c8d 00000000`00008000 fffff60c`ad57ee20 : nt!KiDispatchException+0x16859f
- fffff60c`ad57ec40 fffff805`26bcf405 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x11d
- fffff60c`ad57ee20 fffff805`2704d3bf : 00000000`00000000 00000000`ffffffff 00000000`001ff000 ffff9a88`97aa0000 : nt!KiPageFault+0x445 (TrapFrame @ fffff60c`ad57ee20)
- fffff60c`ad57efb0 fffff805`2704d0d4 : 00000000`00000120 00000000`001ff000 00000000`00011ae7 ffff9a88`97aa0000 : nt!HvpFindFreeCellInBin+0xf
- fffff60c`ad57efe0 fffff805`2704d1e9 : ffff9a88`97aa0050 00000000`00003063 00000000`00000068 ffff9a88`03062000 : nt!HvpFindFreeCell+0x120
- fffff60c`ad57f060 fffff805`27053a76 : ffff9a88`97aa0000 00000000`00000000 ffff9a88`97aa0000 fffff60c`ad57f130 : nt!HvpDoAllocateCell+0x75
- fffff60c`ad57f0f0 fffff805`27051a72 : 00000000`00000000 ffff9a88`97aa0000 00000193`c53f4e0c fffff60c`ad57f1b0 : nt!HvReallocateCell+0xba
- fffff60c`ad57f170 fffff805`2704adf0 : 01d66015`56260d6f 00000000`00000000 ffff9a88`97aec930 fffff60c`00000003 : nt!CmpSetValueKeyExisting+0x22a
- fffff60c`ad57f1e0 fffff805`2704a776 : fffff60c`00000001 fffff60c`ad57f480 00000000`00000000 00000004`ffffff01 : nt!CmSetValueKey+0x520
- fffff60c`ad57f380 fffff805`26bd2b15 : 00000000`ffffffff fffff805`26a71006 fffff60c`ad57f6a0 00000000`00000000 : nt!NtSetValueKey+0x646
- fffff60c`ad57f570 fffff805`26bc5060 : fffff805`2700e71b 00000000`00000000 fffff60c`ad57fa80 ffff9a88`9c154400 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffff60c`ad57f5e0)
- fffff60c`ad57f778 fffff805`2700e71b : 00000000`00000000 fffff60c`ad57fa80 ffff9a88`9c154400 fffff805`00000000 : nt!KiServiceLinkage
- fffff60c`ad57f780 fffff805`2700c6a2 : 00000000`0000005a 00000000`00000000 fffff60c`ad57fa80 00000000`0000005a : nt!ExpWnfWriteStateData+0x173
- fffff60c`ad57f890 fffff805`26bd2b15 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffaf04`7f289800 : nt!NtUpdateWnfStateData+0x262
- fffff60c`ad57f990 00007ff8`ecbdf9b4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffff60c`ad57fa00)
- 00000068`fb8fd9d8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`ecbdf9b4