Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- ========================================================================
- =================== Dump File: 071417-13406-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Kernel base = 0xfffff802`1ea8c000 PsLoadedModuleList = 0xfffff802`1edd85a0
- Debug session time: Thu Jul 13 12:51:05.852 2017 (UTC - 4:00)
- System Uptime: 0 days 0:00:46.494
- BugCheck EF, {ffff988cc624b7c0, 0, 0, 0}
- ETW minidump data unavailable
- Probably caused by : ntkrnlmp.exe ( nt!PspCatchCriticalBreak+c9 )
- Followup: MachineOwner
- CRITICAL_PROCESS_DIED (ef)
- A critical system process died
- Arguments:
- Arg1: ffff988cc624b7c0, Process object or thread object
- Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a thread died.
- Arg3: 0000000000000000
- Arg4: 0000000000000000
- Debugging Details:
- ETW minidump data unavailable
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: System manufacturer
- SYSTEM_PRODUCT_NAME: System Product Name
- SYSTEM_SKU: SKU
- SYSTEM_VERSION: System Version
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: 3401
- BIOS_DATE: 01/25/2017
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
- BASEBOARD_VERSION: Rev 1.xx
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- PROCESS_NAME: svchost.exe
- CRITICAL_PROCESS: svchost.exe
- EXCEPTION_CODE: (NTSTATUS) 0xc8889080 - <Unable to get error code text>
- ERROR_CODE: (NTSTATUS) 0xc8889080 - <Unable to get error code text>
- CPU_COUNT: 4
- CPU_MHZ: ed0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0xEF
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: USERNAME-PC
- ANALYSIS_SESSION_TIME: 07-13-2017 13:28:02.0950
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- LAST_CONTROL_TRANSFER: from fffff8021f16c521 to fffff8021ebf7fd0
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 042a2b51772309c39e12d732cc93cacf0af3064e
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6b62f4c7c374c10f1fc21cb41e4b63d4d9c2c353
- THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
- FOLLOWUP_IP:
- nt!PspCatchCriticalBreak+c9
- fffff802`1f16c521 cc int 3
- FAULT_INSTR_CODE: ff8440cc
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nt!PspCatchCriticalBreak+c9
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 58ccba4c
- IMAGE_VERSION: 10.0.15063.0
- BUCKET_ID_FUNC_OFFSET: c9
- FAILURE_BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_c8889080_nt!PspCatchCriticalBreak
- BUCKET_ID: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_c8889080_nt!PspCatchCriticalBreak
- PRIMARY_PROBLEM_CLASS: 0xEF_svchost.exe_BUGCHECK_CRITICAL_PROCESS_c8889080_nt!PspCatchCriticalBreak
- TARGET_TIME: 2017-07-13T16:51:05.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.0
- ANALYSIS_SESSION_ELAPSED_TIME: 82d
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0xef_svchost.exe_bugcheck_critical_process_c8889080_nt!pspcatchcriticalbreak
- FAILURE_ID_HASH: {f64387ae-6ed5-8689-e982-0ec88c9ad0f6}
- Followup: MachineOwner
- ========================================================================
- =================== Dump File: 071417-13734-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Kernel base = 0xfffff800`36e87000 PsLoadedModuleList = 0xfffff800`371d35a0
- Debug session time: Thu Jul 13 12:57:06.597 2017 (UTC - 4:00)
- System Uptime: 0 days 0:00:25.240
- BugCheck 3B, {c0000005, fffff800ba4fb43b, ffffd3004614e780, 0}
- *** WARNING: Unable to verify timestamp for nvlddmkm.sys
- *** ERROR: Module load completed but symbols could not be loaded for nvlddmkm.sys
- Probably caused by : nvlddmkm.sys ( nvlddmkm+2cb43b )
- Followup: MachineOwner
- SYSTEM_SERVICE_EXCEPTION (3b)
- An exception happened while executing a system service routine.
- Arguments:
- Arg1: 00000000c0000005, Exception code that caused the bugcheck
- Arg2: fffff800ba4fb43b, Address of the instruction which caused the bugcheck
- Arg3: ffffd3004614e780, Address of the context record for the exception that caused the bugcheck
- Arg4: 0000000000000000, zero.
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
- FAULTING_IP:
- nvlddmkm+2cb43b
- fffff800`ba4fb43b 483b5008 cmp rdx,qword ptr [rax+8]
- CONTEXT: ffffd3004614e780 -- (.cxr 0xffffd3004614e780)
- rax=8189480000020089 rbx=0000000000000000 rcx=ffffbd0667189260
- rdx=00000000caf0013a rsi=0000000000000000 rdi=ffffbd06671891e0
- rip=fffff800ba4fb43b rsp=ffffd3004614f180 rbp=ffffd3004614f230
- r8=8189480000020089 r9=ffffbd06653f1298 r10=00000000caf0013a
- r11=0000000000000801 r12=ffffbd0667210cb0 r13=0000000000000002
- r14=0000000000000000 r15=00000000c1d00000
- iopl=0 nv up ei ng nz na pe nc
- cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010282
- nvlddmkm+0x2cb43b:
- fffff800`ba4fb43b 483b5008 cmp rdx,qword ptr [rax+8] ds:002b:81894800`00020091=????????????????
- Resetting default scope
- CPU_COUNT: 4
- CPU_MHZ: ed0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- BUGCHECK_STR: 0x3B
- PROCESS_NAME: ShellExperienc
- CURRENT_IRQL: 0
- ANALYSIS_SESSION_HOST: USERNAME-PC
- ANALYSIS_SESSION_TIME: 07-13-2017 13:30:05.0199
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- LAST_CONTROL_TRANSFER: from 00000000c1d00000 to fffff800ba4fb43b
- THREAD_SHA1_HASH_MOD_FUNC: d79c3f9e9541b50dff558588ee91b494a55f2aae
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: aec45d7f8a6ffa744cacd570be4de2306ffa003f
- THREAD_SHA1_HASH_MOD: d79c3f9e9541b50dff558588ee91b494a55f2aae
- FOLLOWUP_IP:
- nvlddmkm+2cb43b
- fffff800`ba4fb43b 483b5008 cmp rdx,qword ptr [rax+8]
- FAULT_INSTR_CODE: 8503b48
- SYMBOL_STACK_INDEX: 0
- SYMBOL_NAME: nvlddmkm+2cb43b
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nvlddmkm
- IMAGE_NAME: nvlddmkm.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 5952b9c9
- STACK_COMMAND: .cxr 0xffffd3004614e780 ; kb
- BUCKET_ID_FUNC_OFFSET: 2cb43b
- FAILURE_BUCKET_ID: 0x3B_nvlddmkm!unknown_function
- BUCKET_ID: 0x3B_nvlddmkm!unknown_function
- PRIMARY_PROBLEM_CLASS: 0x3B_nvlddmkm!unknown_function
- TARGET_TIME: 2017-07-13T16:57:06.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.0
- ANALYSIS_SESSION_ELAPSED_TIME: 930
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x3b_nvlddmkm!unknown_function
- FAILURE_ID_HASH: {5faea9a9-bcb0-9dde-d8e2-ecf171c18fe4}
- Followup: MachineOwner
- ========================================================================
- =================== Dump File: 071417-4015-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Kernel base = 0xfffff800`2800d000 PsLoadedModuleList = 0xfffff800`283595a0
- Debug session time: Thu Jul 13 12:39:18.021 2017 (UTC - 4:00)
- System Uptime: 0 days 0:03:02.664
- BugCheck 139, {3, ffff8181b6ae1520, ffff8181b6ae1478, 0}
- Probably caused by : win32kbase.sys ( win32kbase!UserDeleteAtomFromAtomTable+1b )
- Followup: MachineOwner
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffff8181b6ae1520, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffff8181b6ae1478, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: System manufacturer
- SYSTEM_PRODUCT_NAME: System Product Name
- SYSTEM_SKU: SKU
- SYSTEM_VERSION: System Version
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: 3401
- BIOS_DATE: 01/25/2017
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
- BASEBOARD_VERSION: Rev 1.xx
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- TRAP_FRAME: ffff8181b6ae1520 -- (.trap 0xffff8181b6ae1520)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000003
- rdx=ffffa78c895c88d0 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff800280f9490 rsp=ffff8181b6ae16b0 rbp=ffffa78c895c88d0
- r8=0000000000000000 r9=0000000000000000 r10=ffffce8840892170
- r11=ffff8181b6ae1708 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl nz na pe cy
- nt!RtlpFreeAllAtom+0xa0:
- fffff800`280f9490 cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffff8181b6ae1478 -- (.exr 0xffff8181b6ae1478)
- ExceptionAddress: fffff800280f9490 (nt!RtlpFreeAllAtom+0x00000000000000a0)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 0000000000000003
- Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
- CPU_COUNT: 4
- CPU_MHZ: ed0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
- BUGCHECK_STR: 0x139
- PROCESS_NAME: RzSynapse.exe
- CURRENT_IRQL: 0
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 0000000000000003
- ANALYSIS_SESSION_HOST: USERNAME-PC
- ANALYSIS_SESSION_TIME: 07-13-2017 13:31:24.0725
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- LAST_CONTROL_TRANSFER: from fffff800281843a9 to fffff80028178fd0
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: e8c1230e398c69eddd21d4164cafe21b2e2c193f
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 95b8451929028513ecbe2e107c80dd5cd8010dcc
- THREAD_SHA1_HASH_MOD: c985323f44347fa523f7f40e7694bd09fd578e04
- FOLLOWUP_IP:
- win32kbase!UserDeleteAtomFromAtomTable+1b
- ffffceb6`10e8a8cb 8bc8 mov ecx,eax
- FAULT_INSTR_CODE: c033c88b
- SYMBOL_STACK_INDEX: 7
- SYMBOL_NAME: win32kbase!UserDeleteAtomFromAtomTable+1b
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: win32kbase
- IMAGE_NAME: win32kbase.sys
- DEBUG_FLR_IMAGE_TIMESTAMP: 494848c5
- IMAGE_VERSION: 10.0.15063.0
- BUCKET_ID_FUNC_OFFSET: 1b
- FAILURE_BUCKET_ID: 0x139_3_win32kbase!UserDeleteAtomFromAtomTable
- BUCKET_ID: 0x139_3_win32kbase!UserDeleteAtomFromAtomTable
- PRIMARY_PROBLEM_CLASS: 0x139_3_win32kbase!UserDeleteAtomFromAtomTable
- TARGET_TIME: 2017-07-13T16:39:18.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.0
- ANALYSIS_SESSION_ELAPSED_TIME: 5cb
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x139_3_win32kbase!userdeleteatomfromatomtable
- FAILURE_ID_HASH: {86421495-38f3-3f26-dfcf-ff319ff927ba}
- Followup: MachineOwner
- ========================================================================
- =================== Dump File: 071417-4031-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Kernel base = 0xfffff802`14c9b000 PsLoadedModuleList = 0xfffff802`14fe75a0
- Debug session time: Thu Jul 13 12:35:44.668 2017 (UTC - 4:00)
- System Uptime: 0 days 0:00:10.310
- BugCheck 139, {3, ffffae80fd567510, ffffae80fd567468, 0}
- Probably caused by : ntkrnlmp.exe ( nt!KiFastFailDispatch+d0 )
- Followup: MachineOwner
- KERNEL_SECURITY_CHECK_FAILURE (139)
- A kernel component has corrupted a critical data structure. The corruption
- could potentially allow a malicious user to gain control of this machine.
- Arguments:
- Arg1: 0000000000000003, A LIST_ENTRY has been corrupted (i.e. double remove).
- Arg2: ffffae80fd567510, Address of the trap frame for the exception that caused the bugcheck
- Arg3: ffffae80fd567468, Address of the exception record for the exception that caused the bugcheck
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: System manufacturer
- SYSTEM_PRODUCT_NAME: System Product Name
- SYSTEM_SKU: SKU
- SYSTEM_VERSION: System Version
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: 3401
- BIOS_DATE: 01/25/2017
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
- BASEBOARD_VERSION: Rev 1.xx
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- TRAP_FRAME: ffffae80fd567510 -- (.trap 0xffffae80fd567510)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffc083fc5b2990 rbx=0000000000000000 rcx=0000000000000003
- rdx=ffffc083fc15bd30 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff80d72bb8f49 rsp=ffffae80fd5676a0 rbp=0000000000000705
- r8=0000000000000001 r9=0000000000000000 r10=ffffd78cadb02ac0
- r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po cy
- FLTMGR!DeleteStreamListCtrlCallback+0xa9:
- fffff80d`72bb8f49 cd29 int 29h
- Resetting default scope
- EXCEPTION_RECORD: ffffae80fd567468 -- (.exr 0xffffae80fd567468)
- ExceptionAddress: fffff80d72bb8f49 (FLTMGR!DeleteStreamListCtrlCallback+0x00000000000000a9)
- ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
- ExceptionFlags: 00000001
- NumberParameters: 1
- Parameter[0]: 0000000000000003
- Subcode: 0x3 FAST_FAIL_CORRUPT_LIST_ENTRY
- CPU_COUNT: 4
- CPU_MHZ: ed0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: LIST_ENTRY_CORRUPT
- BUGCHECK_STR: 0x139
- PROCESS_NAME: System
- CURRENT_IRQL: 0
- ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
- EXCEPTION_CODE_STR: c0000409
- EXCEPTION_PARAMETER1: 0000000000000003
- ANALYSIS_SESSION_HOST: USERNAME-PC
- ANALYSIS_SESSION_TIME: 07-13-2017 13:33:33.0551
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- LAST_CONTROL_TRANSFER: from fffff80214e123a9 to fffff80214e06fd0
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: 7c19ae7fe4384875900e36a0756fa38cc023c596
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 31cb24abf7f6bddfa275114ebaa96cf7131ebdb3
- THREAD_SHA1_HASH_MOD: 78965af67db007e7c01c95a37ac89a4fc9c5727a
- FOLLOWUP_IP:
- nt!KiFastFailDispatch+d0
- fffff802`14e12710 c644242000 mov byte ptr [rsp+20h],0
- FAULT_INSTR_CODE: 202444c6
- SYMBOL_STACK_INDEX: 2
- SYMBOL_NAME: nt!KiFastFailDispatch+d0
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- IMAGE_NAME: ntkrnlmp.exe
- DEBUG_FLR_IMAGE_TIMESTAMP: 58ccba4c
- IMAGE_VERSION: 10.0.15063.0
- BUCKET_ID_FUNC_OFFSET: d0
- FAILURE_BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
- BUCKET_ID: 0x139_3_nt!KiFastFailDispatch
- PRIMARY_PROBLEM_CLASS: 0x139_3_nt!KiFastFailDispatch
- TARGET_TIME: 2017-07-13T16:35:44.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.0
- ANALYSIS_SESSION_ELAPSED_TIME: 5be
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x139_3_nt!kifastfaildispatch
- FAILURE_ID_HASH: {36173680-6f08-995f-065a-3d368c996911}
- Followup: MachineOwner
- ========================================================================
- =================== Dump File: 071417-4250-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Kernel base = 0xfffff802`a0686000 PsLoadedModuleList = 0xfffff802`a09d25a0
- Debug session time: Thu Jul 13 12:59:10.507 2017 (UTC - 4:00)
- System Uptime: 0 days 0:01:11.150
- BugCheck 1A, {41792, ffff9c3ffdef9068, 9000, 0}
- Probably caused by : memory_corruption ( nt!MiDeleteVirtualAddresses+1334a2 )
- Followup: MachineOwner
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
- the PTE. Parameters 3/4 contain the low/high parts of the PTE.
- Arg2: ffff9c3ffdef9068
- Arg3: 0000000000009000
- Arg4: 0000000000000000
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: System manufacturer
- SYSTEM_PRODUCT_NAME: System Product Name
- SYSTEM_SKU: SKU
- SYSTEM_VERSION: System Version
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: 3401
- BIOS_DATE: 01/25/2017
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
- BASEBOARD_VERSION: Rev 1.xx
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- BUGCHECK_STR: 0x1a_41792
- CPU_COUNT: 4
- CPU_MHZ: ed0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: mobsync.exe
- CURRENT_IRQL: 2
- ANALYSIS_SESSION_HOST: USERNAME-PC
- ANALYSIS_SESSION_TIME: 07-13-2017 13:34:58.0001
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- LAST_CONTROL_TRANSFER: from fffff802a081ec82 to fffff802a07f1fd0
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: b34de76feae571fa519e22f15eb8906b50278b74
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: d7d808c457dfba8ec523ce7071abb5b9e8792ce1
- THREAD_SHA1_HASH_MOD: ee8fcf1fb60cb6e3e2f60ddbed2ec02b5748a693
- FOLLOWUP_IP:
- nt!MiDeleteVirtualAddresses+1334a2
- fffff802`a081ec82 cc int 3
- FAULT_INSTR_CODE: b70f41cc
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nt!MiDeleteVirtualAddresses+1334a2
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- DEBUG_FLR_IMAGE_TIMESTAMP: 58ccba4c
- IMAGE_VERSION: 10.0.15063.0
- IMAGE_NAME: memory_corruption
- BUCKET_ID_FUNC_OFFSET: 1334a2
- FAILURE_BUCKET_ID: 0x1a_41792_nt!MiDeleteVirtualAddresses
- BUCKET_ID: 0x1a_41792_nt!MiDeleteVirtualAddresses
- PRIMARY_PROBLEM_CLASS: 0x1a_41792_nt!MiDeleteVirtualAddresses
- TARGET_TIME: 2017-07-13T16:59:10.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.0
- ANALYSIS_SESSION_ELAPSED_TIME: 5b0
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x1a_41792_nt!mideletevirtualaddresses
- FAILURE_ID_HASH: {415d883e-e5d4-b664-6ba0-61892eb78682}
- Followup: MachineOwner
- ========================================================================
- =================== Dump File: 071417-5078-01.dmp ====================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 15063 MP (4 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Kernel base = 0xfffff800`4ec1f000 PsLoadedModuleList = 0xfffff800`4ef6b5a0
- Debug session time: Thu Jul 13 12:56:14.618 2017 (UTC - 4:00)
- System Uptime: 0 days 0:00:51.260
- BugCheck 1A, {41201, ffff87bffede24d8, 1452f0025, ffff8909db2ab9c0}
- Probably caused by : memory_corruption ( nt!MiGetPageProtection+12ff01 )
- Followup: MachineOwner
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 0000000000041201, The subtype of the bugcheck.
- Arg2: ffff87bffede24d8
- Arg3: 00000001452f0025
- Arg4: ffff8909db2ab9c0
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- BUILD_VERSION_STRING: 10.0.15063.0 (WinBuild.160101.0800)
- SYSTEM_MANUFACTURER: System manufacturer
- SYSTEM_PRODUCT_NAME: System Product Name
- SYSTEM_SKU: SKU
- SYSTEM_VERSION: System Version
- BIOS_VENDOR: American Megatrends Inc.
- BIOS_VERSION: 3401
- BIOS_DATE: 01/25/2017
- BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC.
- BASEBOARD_PRODUCT: MAXIMUS VIII RANGER
- BASEBOARD_VERSION: Rev 1.xx
- DUMP_TYPE: 2
- DUMP_FILE_ATTRIBUTES: 0x8
- Kernel Generated Triage Dump
- BUGCHECK_STR: 0x1a_41201
- CPU_COUNT: 4
- CPU_MHZ: ed0
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 9e
- CPU_STEPPING: 9
- CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: 42'00000000 (cache) 42'00000000 (init)
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: chrome.exe
- CURRENT_IRQL: 2
- ANALYSIS_SESSION_HOST: USERNAME-PC
- ANALYSIS_SESSION_TIME: 07-13-2017 13:36:39.0596
- ANALYSIS_VERSION: 10.0.14321.1024 amd64fre
- LAST_CONTROL_TRANSFER: from fffff8004edb8621 to fffff8004ed8afd0
- STACK_COMMAND: kb
- THREAD_SHA1_HASH_MOD_FUNC: daeab5d68ba3ecb3234b5b8938d47aee75235996
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 66411f2c1c75e6ba4c6365f47c618f2cd51d8012
- THREAD_SHA1_HASH_MOD: 30a3e915496deaace47137d5b90c3ecc03746bf6
- FOLLOWUP_IP:
- nt!MiGetPageProtection+12ff01
- fffff800`4edb8621 cc int 3
- FAULT_INSTR_CODE: a88d49cc
- SYMBOL_STACK_INDEX: 1
- SYMBOL_NAME: nt!MiGetPageProtection+12ff01
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: nt
- DEBUG_FLR_IMAGE_TIMESTAMP: 58ccba4c
- IMAGE_VERSION: 10.0.15063.0
- IMAGE_NAME: memory_corruption
- BUCKET_ID_FUNC_OFFSET: 12ff01
- FAILURE_BUCKET_ID: 0x1a_41201_nt!MiGetPageProtection
- BUCKET_ID: 0x1a_41201_nt!MiGetPageProtection
- PRIMARY_PROBLEM_CLASS: 0x1a_41201_nt!MiGetPageProtection
- TARGET_TIME: 2017-07-13T16:56:14.000Z
- OSBUILD: 15063
- OSSERVICEPACK: 0
- SERVICEPACK_NUMBER: 0
- OS_REVISION: 0
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- OSPLATFORM_TYPE: x64
- OSNAME: Windows 10
- OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS
- USER_LCID: 0
- OSBUILD_TIMESTAMP: 2017-03-18 00:40:44
- BUILDDATESTAMP_STR: 160101.0800
- BUILDLAB_STR: WinBuild
- BUILDOSVER_STR: 10.0.15063.0
- ANALYSIS_SESSION_ELAPSED_TIME: 5b8
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:0x1a_41201_nt!migetpageprotection
- FAILURE_ID_HASH: {c1fe3b27-3ba8-d99e-656f-85f3d58dc669}
- Followup: MachineOwner
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement