- ========================== AUTO DUMP ANALYZER ==========================
- Auto Dump Analyzer
- Version: 0.91
- Time to analyze file(s): 00 hours and 04 minutes and 30 seconds
- ================================= CPU ==================================
- COUNT: 4
- MHZ: 3912
- VENDOR: GenuineIntel
- FAMILY: 6
- MODEL: 9e
- STEPPING: 9
- ================================== OS ==================================
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 18362.1.amd64fre.19h1_release.190318-1202
- BUILD_VERSION: 10.0.18362.418 (WinBuild.160101.0800)
- BUILD: 18362
- SERVICEPACK: 418
- PLATFORM_TYPE: x64
- NAME: Windows 10
- EDITION: Windows 10 WinNt TerminalServer SingleUserTS
- BUILD_TIMESTAMP: unknown_date
- BUILDDATESTAMP: 160101.0800
- BUILDLAB: WinBuild
- BUILDOSVER: 10.0.18362.418
- =============================== DEBUGGER ===============================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- =============================== COMMENTS ===============================
- * Information gathered from different dump files may be different. If
- Windows updates between two dump files, two or more OS versions may
- be shown above.
- * Additional BIOS information was not included in the dump file(s). This
- can be caused by an outdated BIOS.
- ========================================================================
- ======================= Dump #1: ANALYZE VERBOSE =======================
- ====================== File: 080320-53171-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 18362 MP (4 procs) Free x64
- Kernel base = 0xfffff806`62e00000 PsLoadedModuleList = 0xfffff806`63248210
- Debug session time: Mon Aug 3 01:38:35.516 2020 (UTC - 4:00)
- System Uptime: 0 days 0:09:03.189
- BugCheck 1A, {3f, f3fe, f3fe, 74092595}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 000000000000003f, The subtype of the bugcheck.
- Arg2: 000000000000f3fe
- Arg3: 000000000000f3fe
- Arg4: 0000000074092595
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- ADDITIONAL_DEBUG_TEXT: Memory Manager detected corruption of a pagefile page while performing an in-page operation.
- The data read from storage does not match the original data written.
- This indicates the data was corrupted by the storage stack, or device hardware.
- BUGCHECK_STR: 0x1a_3f
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: MemCompression
- CURRENT_IRQL: 2
- PAGE_HASH_ERRORS_DETECTED: 1
- TRAP_FRAME: fffffe056b8bf290 -- (.trap 0xfffffe056b8bf290)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=ffffa28bc0d99078 rbx=0000000000000000 rcx=ffffa28bbc7de080
- rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8066699f950 rsp=fffffe056b8bf428 rbp=fffffe056b8bf4f9
- r8=0000000000000000 r9=0000000000000004 r10=0000000000000008
- r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl zr na po nc
- ndis!NdisSetThreadObjectCompartmentId:
- fffff806`6699f950 89542410 mov dword ptr [rsp+10h],edx ss:0018:fffffe05`6b8bf438=c0d99078
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff80663063d96 to fffff80662fc1220
- STACK_TEXT:
- fffffe05`6b8be348 fffff806`63063d96 : 00000000`0000001a 00000000`0000003f 00000000`0000f3fe 00000000`0000f3fe : nt!KeBugCheckEx
- fffffe05`6b8be350 fffff806`62e8df32 : ffffa28b`c08bf800 ffffffff`ffffffff 00000000`00000000 ffffa28b`c08bf8f0 : nt!MiValidatePagefilePageHash+0x10176a
- fffffe05`6b8be430 fffff806`62e8d47d : 00000000`00000002 fffffe05`00000000 fffffe05`6b8be5e8 fffff806`00000000 : nt!MiWaitForInPageComplete+0x472
- fffffe05`6b8be540 fffff806`62e72f9b : 00000000`c0033333 00000000`00000000 000001a7`6b80f770 00000000`00000001 : nt!MiIssueHardFault+0x1ad
- fffffe05`6b8be640 fffff806`62fcf320 : fffffe05`6b8be9c0 fffff806`62eb39e4 fffffe05`6b8bec08 ffff8901`9d2c0180 : nt!MmAccessFault+0x40b
- fffffe05`6b8be7e0 fffff806`62f5e150 : ffff8901`9e9a2000 ffffa28b`baeec050 fffff806`62e5cfc0 ffff8901`9e9a2000 : nt!KiPageFault+0x360
- fffffe05`6b8be978 fffff806`62e5cfc0 : ffff8901`9e9a2000 ffff8901`9e9a2000 00000000`00000002 000001a7`6b80f770 : nt!RtlDecompressBufferXpressLz+0x50
- fffffe05`6b8be990 fffff806`62f5fed9 : 00000000`00000000 00002000`00000001 00000000`00000000 ffffa28b`baeed788 : nt!RtlDecompressBufferEx+0x60
- fffffe05`6b8be9e0 fffff806`62f5fd64 : 00000000`00000004 fffffe05`6b8bebf0 00000000`00000000 00000000`0000004d : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- fffffe05`6b8beac0 fffff806`62f5fbe2 : 00000000`00000001 00000000`0000f770 ffffa28b`0000f770 ffffa28b`0000d000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- fffffe05`6b8beb10 fffff806`62f5fa0b : 00000000`ffffffff ffffa28b`c0963000 fffffe05`6b8bebf0 ffffa28b`babe5d90 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- fffffe05`6b8bebb0 fffff806`62f5f851 : ffffa28b`c0963000 00000000`00000000 00000000`00000001 ffffa28b`baeed788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- fffffe05`6b8bec60 fffff806`62f5f761 : ffffa28b`baeec000 ffffa28b`babe5d90 ffffa28b`c0963000 ffffa28b`baeed9b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- fffffe05`6b8bece0 fffff806`62e69e18 : ffffa28b`bc7de080 ffffa28b`baeec000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- fffffe05`6b8bed10 fffff806`62f62cc1 : fffff806`62f5f740 fffffe05`6b8bedc0 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- fffffe05`6b8bed80 fffff806`62f4b941 : fffffe05`6b8bee80 fffff806`62edfec7 ffffa28b`baeec000 fffffe05`6b8befd0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- fffffe05`6b8bee50 fffff806`62f4b527 : 00000000`0000000c ffffa28b`baeec000 fffffe05`6b8bef00 ffffa28b`babe5d90 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- fffffe05`6b8beea0 fffff806`62f61fd3 : 00000000`0000000c ffffa28b`babe5d90 00000000`0000000d 00000000`0000000d : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- fffffe05`6b8bef30 fffff806`62f636af : ffffa28b`0000000d ffffa28b`b8fc4e70 00000000`00000000 ffffa28b`baeec000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- fffffe05`6b8befa0 fffff806`62e8e05b : fffff806`63268bc0 00000000`00000001 fffff806`63268c80 fffff806`62e74ee6 : nt!SmPageRead+0x33
- fffffe05`6b8beff0 fffff806`62e8d759 : 00000000`00000002 fffffe05`6b8bf080 fffffe05`6b8bf1e8 ffffb95c`be0199a0 : nt!MiIssueHardFaultIo+0x117
- fffffe05`6b8bf040 fffff806`62e72f9b : 00000000`c0033333 00000000`00000000 fffff806`6699f950 fffff806`6699f950 : nt!MiIssueHardFault+0x489
- fffffe05`6b8bf0f0 fffff806`62fcf320 : 00000000`0002001f 00000000`00000000 00000000`00000000 00000000`0002001f : nt!MmAccessFault+0x40b
- fffffe05`6b8bf290 fffff806`6699f950 : fffff806`668aa69c 00000000`00000000 ffffa28b`c0d99078 00000000`00000004 : nt!KiPageFault+0x360
- fffffe05`6b8bf428 fffff806`668aa69c : 00000000`00000000 ffffa28b`c0d99078 00000000`00000004 00000000`00000000 : ndis!NdisSetThreadObjectCompartmentId
- fffffe05`6b8bf430 fffff806`6652e57d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisNsiSetThreadInformation+0x4c
- fffffe05`6b8bf460 fffff806`6d8f1ba5 : 00000000`00000000 00000000`00000001 ffffa28b`c0d99010 000000ef`17cef780 : NETIO!NsiSetParameterEx+0x14d
- fffffe05`6b8bf560 fffff806`6d8f27b6 : 00000000`00000000 ffffa28b`bf9a0440 ffffa28b`bf9a0370 00000000`00000004 : nsiproxy!NsippSetParameter+0x195
- fffffe05`6b8bf6d0 fffff806`62e31f39 : 00000000`00000002 00000000`00000000 ffffa28b`bc9bc160 ffffa28b`ba9599f0 : nsiproxy!NsippDispatch+0x196
- fffffe05`6b8bf720 fffff806`633e93f5 : ffffa28b`bf9a0370 00000000`00000000 00000000`00000000 ffffa28b`bc9bc160 : nt!IofCallDriver+0x59
- fffffe05`6b8bf760 fffff806`633e9200 : 00000000`00000000 00000000`00040800 ffffa28b`bc9bc160 fffffe05`6b8bfa80 : nt!IopSynchronousServiceTail+0x1a5
- fffffe05`6b8bf800 fffff806`633e85d6 : 000000ef`17cef610 00000000`0000016c 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc10
- fffffe05`6b8bf920 fffff806`62fd2b15 : ffffa28b`bc7de080 000000ef`17cef5f8 fffffe05`6b8bf9a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
- fffffe05`6b8bf990 00007ffe`eaa5c1a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
- 000000ef`17cef688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`eaa5c1a4
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80662e73034-fffff80662e73038 5 bytes - nt!MmAccessFault+4a4
- [ df be 7d fb f6:2f 57 ae 5c b9 ]
- fffff80662e8d4dc-fffff80662e8d4dd 2 bytes - nt!MiIssueHardFault+20c (+0x1a4a8)
- [ 80 f6:00 b9 ]
- fffff80662edff6c - nt!MiReplaceNumaStandbyPage+60 (+0x52a90)
- [ fa:99 ]
- fffff80662f63797-fffff80662f63798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0x8382b)
- [ 48 ff:4c 8b ]
- fffff80662f6379e-fffff80662f637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
- [ 0f 1f 44 00:e8 1d 40 95 ]
- 14 errors : !nt (fffff80662e73034-fffff80662f637a1)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-08-03T05:38:35.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
- ====================== Dump #1: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
- May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
- Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
- Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
- May 19 2020 - igdkmd64.sys - Intel HD graphics driver
- May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
- Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
- Image name: AsUpIO.sys
- Search : https://www.google.com/search?q=AsUpIO.sys
- ADA Info : ASUS Update Input Output driver http://www.asus.com/
- Timestamp : Mon Aug 2 2010
- Image path: \SystemRoot\System32\drivers\ScpVBus.sys
- Image name: ScpVBus.sys
- Search : https://www.google.com/search?q=ScpVBus.sys
- ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Timestamp : Sun May 5 2013
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
- Image name: SCDEmu.SYS
- Search : https://www.google.com/search?q=SCDEmu.SYS
- ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Timestamp : Tue Jun 6 2017
- Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
- Image name: YSDrv.sys
- Search : https://www.google.com/search?q=YSDrv.sys
- ADA Info : VirtualBox Support driver
- Timestamp : Wed Oct 11 2017
- Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Sun Nov 19 2017
- File version: 11.7.0.1057
- Product version: 11.7.0.1057
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- CompanyName: Intel Corporation
- ProductName: Intel(R) Management Engine Interface
- InternalName: TeeDriverx64.sys
- OriginalFilename: TeeDriverx64.sys
- ProductVersion: 11.7.0.1057
- FileVersion: 11.7.0.1057
- FileDescription: Intel(R) Management Engine Interface
- LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
- Image path: \SystemRoot\System32\drivers\kltap.sys
- Image name: kltap.sys
- Search : https://www.google.com/search?q=kltap.sys
- ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
- Timestamp : Fri Mar 16 2018
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Nov 13 2018
- Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
- Image name: klupd_klif_kimul.sys
- Search : https://www.google.com/search?q=klupd_klif_kimul.sys
- ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Timestamp : Tue Jan 22 2019
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\womic.sys
- Image name: womic.sys
- Search : https://www.google.com/search?q=womic.sys
- ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Timestamp : Wed Jul 3 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
- Image name: IntcDAud.sys
- Search : https://www.google.com/search?q=IntcDAud.sys
- ADA Info : Intel Display Audio Driver http://www.intel.com/
- Timestamp : Tue Feb 25 2020
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
- Image name: tapprotonvpn.sys
- Search : https://www.google.com/search?q=tapprotonvpn.sys
- ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
- Timestamp : Thu Apr 2 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
- Image name: igdkmd64.sys
- Search : https://www.google.com/search?q=igdkmd64.sys
- ADA Info : Intel HD graphics driver
- Timestamp : Tue May 19 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Tue May 26 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #1: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winquic.sys QUIC Transport Protocol driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #1: UNLOADED MODULES =======================
- fffff806`60350000 fffff806`60389000 klids.sys
- fffff806`6d980000 fffff806`6d9b9000 klids.sys
- fffff806`6cf60000 fffff806`6cf6f000 dump_storpor
- fffff806`6cfa0000 fffff806`6cfcf000 dump_storahc
- fffff806`6cc00000 fffff806`6cc1e000 dump_dumpfve
- fffff806`704a0000 fffff806`704ab000 klpnpflt.sys
- fffff806`70430000 fffff806`7043b000 klpnpflt.sys
- fffff806`6fd00000 fffff806`6fd0b000 klpnpflt.sys
- fffff806`6da20000 fffff806`6da3e000 dam.sys
- fffff806`65fb0000 fffff806`65fbe000 klelam.sys
- fffff806`66fe0000 fffff806`66ff0000 hwpolicy.sys
- ====================== Dump #1: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #1: Extra #1 ===========================
- 0: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #1: Extra #2 ===========================
- 0: kd> !thread
- THREAD ffffa28bbc7de080 Cid 2330.13a4 Teb: 000000ef17f96000 Win32Thread: 0000000000000000 RUNNING on processor 0
- IRP List:
- Unable to read nt!_IRP @ ffffa28bbf9a0370
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8066322ca14
- Owning Process ffffa28bc1d71080 Image: System Process
- Attached Process ffffa28bbaeeb080 Image: MemCompression
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 34763
- Context Switch Count 48 IdealProcessor: 2
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff766634eb0
- Stack Init fffffe056b8bfb90 Current fffffe056b8be090
- Base fffffe056b8c0000 Limit fffffe056b8b9000 Call 0000000000000000
- Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- fffffe05`6b8be348 fffff806`63063d96 : 00000000`0000001a 00000000`0000003f 00000000`0000f3fe 00000000`0000f3fe : nt!KeBugCheckEx
- fffffe05`6b8be350 fffff806`62e8df32 : ffffa28b`c08bf800 ffffffff`ffffffff 00000000`00000000 ffffa28b`c08bf8f0 : nt!MiValidatePagefilePageHash+0x10176a
- fffffe05`6b8be430 fffff806`62e8d47d : 00000000`00000002 fffffe05`00000000 fffffe05`6b8be5e8 fffff806`00000000 : nt!MiWaitForInPageComplete+0x472
- fffffe05`6b8be540 fffff806`62e72f9b : 00000000`c0033333 00000000`00000000 000001a7`6b80f770 00000000`00000001 : nt!MiIssueHardFault+0x1ad
- fffffe05`6b8be640 fffff806`62fcf320 : fffffe05`6b8be9c0 fffff806`62eb39e4 fffffe05`6b8bec08 ffff8901`9d2c0180 : nt!MmAccessFault+0x40b
- fffffe05`6b8be7e0 fffff806`62f5e150 : ffff8901`9e9a2000 ffffa28b`baeec050 fffff806`62e5cfc0 ffff8901`9e9a2000 : nt!KiPageFault+0x360 (TrapFrame @ fffffe05`6b8be7e0)
- fffffe05`6b8be978 fffff806`62e5cfc0 : ffff8901`9e9a2000 ffff8901`9e9a2000 00000000`00000002 000001a7`6b80f770 : nt!RtlDecompressBufferXpressLz+0x50
- fffffe05`6b8be990 fffff806`62f5fed9 : 00000000`00000000 00002000`00000001 00000000`00000000 ffffa28b`baeed788 : nt!RtlDecompressBufferEx+0x60
- fffffe05`6b8be9e0 fffff806`62f5fd64 : 00000000`00000004 fffffe05`6b8bebf0 00000000`00000000 00000000`0000004d : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- fffffe05`6b8beac0 fffff806`62f5fbe2 : 00000000`00000001 00000000`0000f770 ffffa28b`0000f770 ffffa28b`0000d000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- fffffe05`6b8beb10 fffff806`62f5fa0b : 00000000`ffffffff ffffa28b`c0963000 fffffe05`6b8bebf0 ffffa28b`babe5d90 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- fffffe05`6b8bebb0 fffff806`62f5f851 : ffffa28b`c0963000 00000000`00000000 00000000`00000001 ffffa28b`baeed788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- fffffe05`6b8bec60 fffff806`62f5f761 : ffffa28b`baeec000 ffffa28b`babe5d90 ffffa28b`c0963000 ffffa28b`baeed9b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- fffffe05`6b8bece0 fffff806`62e69e18 : ffffa28b`bc7de080 ffffa28b`baeec000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- fffffe05`6b8bed10 fffff806`62f62cc1 : fffff806`62f5f740 fffffe05`6b8bedc0 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- fffffe05`6b8bed80 fffff806`62f4b941 : fffffe05`6b8bee80 fffff806`62edfec7 ffffa28b`baeec000 fffffe05`6b8befd0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- fffffe05`6b8bee50 fffff806`62f4b527 : 00000000`0000000c ffffa28b`baeec000 fffffe05`6b8bef00 ffffa28b`babe5d90 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- fffffe05`6b8beea0 fffff806`62f61fd3 : 00000000`0000000c ffffa28b`babe5d90 00000000`0000000d 00000000`0000000d : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- fffffe05`6b8bef30 fffff806`62f636af : ffffa28b`0000000d ffffa28b`b8fc4e70 00000000`00000000 ffffa28b`baeec000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- fffffe05`6b8befa0 fffff806`62e8e05b : fffff806`63268bc0 00000000`00000001 fffff806`63268c80 fffff806`62e74ee6 : nt!SmPageRead+0x33
- fffffe05`6b8beff0 fffff806`62e8d759 : 00000000`00000002 fffffe05`6b8bf080 fffffe05`6b8bf1e8 ffffb95c`be0199a0 : nt!MiIssueHardFaultIo+0x117
- fffffe05`6b8bf040 fffff806`62e72f9b : 00000000`c0033333 00000000`00000000 fffff806`6699f950 fffff806`6699f950 : nt!MiIssueHardFault+0x489
- fffffe05`6b8bf0f0 fffff806`62fcf320 : 00000000`0002001f 00000000`00000000 00000000`00000000 00000000`0002001f : nt!MmAccessFault+0x40b
- fffffe05`6b8bf290 fffff806`6699f950 : fffff806`668aa69c 00000000`00000000 ffffa28b`c0d99078 00000000`00000004 : nt!KiPageFault+0x360 (TrapFrame @ fffffe05`6b8bf290)
- fffffe05`6b8bf428 fffff806`668aa69c : 00000000`00000000 ffffa28b`c0d99078 00000000`00000004 00000000`00000000 : ndis!NdisSetThreadObjectCompartmentId
- fffffe05`6b8bf430 fffff806`6652e57d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisNsiSetThreadInformation+0x4c
- fffffe05`6b8bf460 fffff806`6d8f1ba5 : 00000000`00000000 00000000`00000001 ffffa28b`c0d99010 000000ef`17cef780 : NETIO!NsiSetParameterEx+0x14d
- fffffe05`6b8bf560 fffff806`6d8f27b6 : 00000000`00000000 ffffa28b`bf9a0440 ffffa28b`bf9a0370 00000000`00000004 : nsiproxy!NsippSetParameter+0x195
- fffffe05`6b8bf6d0 fffff806`62e31f39 : 00000000`00000002 00000000`00000000 ffffa28b`bc9bc160 ffffa28b`ba9599f0 : nsiproxy!NsippDispatch+0x196
- fffffe05`6b8bf720 fffff806`633e93f5 : ffffa28b`bf9a0370 00000000`00000000 00000000`00000000 ffffa28b`bc9bc160 : nt!IofCallDriver+0x59
- fffffe05`6b8bf760 fffff806`633e9200 : 00000000`00000000 00000000`00040800 ffffa28b`bc9bc160 fffffe05`6b8bfa80 : nt!IopSynchronousServiceTail+0x1a5
- fffffe05`6b8bf800 fffff806`633e85d6 : 000000ef`17cef610 00000000`0000016c 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc10
- fffffe05`6b8bf920 fffff806`62fd2b15 : ffffa28b`bc7de080 000000ef`17cef5f8 fffffe05`6b8bf9a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
- fffffe05`6b8bf990 00007ffe`eaa5c1a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffffe05`6b8bfa00)
- 000000ef`17cef688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`eaa5c1a4
- ========================================================================
- ======================= Dump #2: ANALYZE VERBOSE =======================
- ====================== File: 080320-52375-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 18362 MP (4 procs) Free x64
- Kernel base = 0xfffff803`37400000 PsLoadedModuleList = 0xfffff803`37848210
- Debug session time: Mon Aug 3 01:16:41.395 2020 (UTC - 4:00)
- System Uptime: 1 days 16:15:34.068
- BugCheck 1A, {3f, 435ee, 433ee, 3c38f34a}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 000000000000003f, The subtype of the bugcheck.
- Arg2: 00000000000435ee
- Arg3: 00000000000433ee
- Arg4: 000000003c38f34a
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- ADDITIONAL_DEBUG_TEXT: Memory Manager detected corruption of a pagefile page while performing an in-page operation.
- The data read from storage does not match the original data written.
- This indicates the data was corrupted by the storage stack, or device hardware.
- BUGCHECK_STR: 0x1a_3f
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: MemCompression
- CURRENT_IRQL: 2
- PAGE_HASH_ERRORS_DETECTED: 1
- TRAP_FRAME: ffff83064d216f50 -- (.trap 0xffff83064d216f50)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffff8033755e100 rbx=0000000000000000 rcx=ffffd081c86b6000
- rdx=ffffd081c86b6000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8033755e150 rsp=ffff83064d2170e8 rbp=ffffd081c86b6000
- r8=00000192059d4a90 r9=000000000000095d r10=ffffd081c86b6ea0
- r11=00000192059d53ed r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl zr na po nc
- nt!RtlDecompressBufferXpressLz+0x50:
- fffff803`3755e150 418b08 mov ecx,dword ptr [r8] ds:00000192`059d4a90=????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff80337663d96 to fffff803375c1220
- STACK_TEXT:
- ffff8306`4d216ab8 fffff803`37663d96 : 00000000`0000001a 00000000`0000003f 00000000`000435ee 00000000`000433ee : nt!KeBugCheckEx
- ffff8306`4d216ac0 fffff803`3748df32 : ffffe105`90e7ab50 ffffffff`ffffffff 00000000`00000000 ffffe105`90e7ac40 : nt!MiValidatePagefilePageHash+0x10176a
- ffff8306`4d216ba0 fffff803`3748d47d : 00000000`00000002 ffff8306`00000000 ffff8306`4d216d58 fffff803`00000000 : nt!MiWaitForInPageComplete+0x472
- ffff8306`4d216cb0 fffff803`37472f9b : 00000000`c0033333 00000000`00000000 00000192`059d4a90 00000000`00000000 : nt!MiIssueHardFault+0x1ad
- ffff8306`4d216db0 fffff803`375cf320 : 00000000`00000000 ffff8306`4d216fd0 ffff8306`4d217378 00000000`00000000 : nt!MmAccessFault+0x40b
- ffff8306`4d216f50 fffff803`3755e150 : ffffd081`c86b6000 ffffe105`89130050 fffff803`3745cfc0 ffffd081`c86b6000 : nt!KiPageFault+0x360
- ffff8306`4d2170e8 fffff803`3745cfc0 : ffffd081`c86b6000 ffffd081`c86b6000 00000000`00000002 00000192`059d4a90 : nt!RtlDecompressBufferXpressLz+0x50
- ffff8306`4d217100 fffff803`3755fed9 : 00000000`00000000 fffff803`00000001 00000000`00000000 ffffe105`89131788 : nt!RtlDecompressBufferEx+0x60
- ffff8306`4d217150 fffff803`3755fd64 : 00000000`00000004 ffff8306`4d217360 00000000`00000000 00000000`00000174 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- ffff8306`4d217230 fffff803`3755fbe2 : 00000000`00000001 00000000`00014a90 ffffe105`00014a90 ffffe105`00008000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffff8306`4d217280 fffff803`3755fa0b : 00000000`ffffffff ffffe105`9078c000 ffff8306`4d217360 ffffe105`87e30dd0 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffff8306`4d217320 fffff803`3755f851 : ffffe105`9078c000 00000000`00000000 00000000`00000001 ffffe105`89131788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffff8306`4d2173d0 fffff803`3755f761 : ffffe105`89130000 ffffe105`87e30dd0 ffffe105`9078c000 ffffe105`891319b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffff8306`4d217450 fffff803`37469e18 : ffffe105`8ff6e080 ffffe105`89130000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffff8306`4d217480 fffff803`37562cc1 : fffff803`3755f740 ffff8306`4d217530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffff8306`4d2174f0 fffff803`3754b941 : ffff8306`4d2175f0 fffff803`3798db78 ffffe105`89130000 ffff8306`4d217740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffff8306`4d2175c0 fffff803`3754b527 : 00000000`0000000c ffffe105`89130000 ffff8306`4d217670 ffffe105`87e30dd0 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffff8306`4d217610 fffff803`37561fd3 : 00000000`0000000c ffffe105`87e30dd0 00000000`00000008 00000000`00000008 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffff8306`4d2176a0 fffff803`375636af : ffffe105`00000008 ffffe105`90c35b00 00000000`00000000 ffffe105`89130000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffff8306`4d217710 fffff803`3748e05b : ffffe105`921d35c0 00000000`00000001 ffffe105`921d3680 fffff803`37474ee6 : nt!SmPageRead+0x33
- ffff8306`4d217760 fffff803`3748d759 : 00000000`00000002 ffff8306`4d2177f0 ffff8306`4d217958 fffffc7e`00000a38 : nt!MiIssueHardFaultIo+0x117
- ffff8306`4d2177b0 fffff803`37472f9b : 00000000`c0033333 00000000`00000001 00000000`28fb90cf fffff803`375c842f : nt!MiIssueHardFault+0x489
- ffff8306`4d217860 fffff803`375cf320 : 00000000`109f5608 ffff8306`4d217a80 00000000`00a39000 ffff8306`4d217a80 : nt!MmAccessFault+0x40b
- ffff8306`4d217a00 00000000`770c662f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
- 00000000`16fff178 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770c662f
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff80337472f0b-fffff80337472f0f 5 bytes - nt!MmAccessFault+37b
- [ df be 7d fb f6:8f 1f 3f 7e fc ]
- fffff80337472f38-fffff80337472f3c 5 bytes - nt!MmAccessFault+3a8 (+0x2d)
- [ d7 be 7d fb f6:87 1f 3f 7e fc ]
- fffff80337473034-fffff80337473038 5 bytes - nt!MmAccessFault+4a4 (+0xfc)
- [ df be 7d fb f6:8f 1f 3f 7e fc ]
- fffff8033748d4dc-fffff8033748d4dd 2 bytes - nt!MiIssueHardFault+20c (+0x1a4a8)
- [ 80 f6:00 fc ]
- fffff803374be233 - nt!MiValidFault+113 (+0x30d57)
- [ fa:a2 ]
- fffff803374be25a - nt!MiValidFault+13a (+0x27)
- [ fa:a2 ]
- fffff803374be264-fffff803374be268 5 bytes - nt!MiValidFault+144 (+0x0a)
- [ d0 be 7d fb f6:80 1f 3f 7e fc ]
- fffff803374be286-fffff803374be28a 5 bytes - nt!MiValidFault+166 (+0x22)
- [ d7 be 7d fb f6:87 1f 3f 7e fc ]
- fffff80337563797-fffff80337563798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0xa5511)
- [ 48 ff:4c 8b ]
- fffff8033756379e-fffff803375637a2 5 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
- [ 0f 1f 44 00 00:e8 1d b0 df ff ]
- fffff803375c82d3-fffff803375c82d4 2 bytes - nt!SwapContext+53 (+0x64b35)
- [ 48 ff:4c 8b ]
- fffff803375c82da-fffff803375c82de 5 bytes - nt!SwapContext+5a (+0x07)
- [ 0f 1f 44 00 00:e8 91 7d d9 ff ]
- 43 errors : !nt (fffff80337472f0b-fffff803375c82de)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-08-03T05:16:41.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
- ====================== Dump #2: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
- May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
- Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
- Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
- May 19 2020 - igdkmd64.sys - Intel HD graphics driver
- May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
- Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #2: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
- Image name: AsUpIO.sys
- Search : https://www.google.com/search?q=AsUpIO.sys
- ADA Info : ASUS Update Input Output driver http://www.asus.com/
- Timestamp : Mon Aug 2 2010
- Image path: \SystemRoot\System32\drivers\ScpVBus.sys
- Image name: ScpVBus.sys
- Search : https://www.google.com/search?q=ScpVBus.sys
- ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Timestamp : Sun May 5 2013
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
- Image name: SCDEmu.SYS
- Search : https://www.google.com/search?q=SCDEmu.SYS
- ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Timestamp : Tue Jun 6 2017
- Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
- Image name: YSDrv.sys
- Search : https://www.google.com/search?q=YSDrv.sys
- ADA Info : VirtualBox Support driver
- Timestamp : Wed Oct 11 2017
- Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Sun Nov 19 2017
- File version: 11.7.0.1057
- Product version: 11.7.0.1057
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- CompanyName: Intel Corporation
- ProductName: Intel(R) Management Engine Interface
- InternalName: TeeDriverx64.sys
- OriginalFilename: TeeDriverx64.sys
- ProductVersion: 11.7.0.1057
- FileVersion: 11.7.0.1057
- FileDescription: Intel(R) Management Engine Interface
- LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
- Image path: \SystemRoot\System32\drivers\kltap.sys
- Image name: kltap.sys
- Search : https://www.google.com/search?q=kltap.sys
- ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
- Timestamp : Fri Mar 16 2018
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Nov 13 2018
- Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
- Image name: klupd_klif_kimul.sys
- Search : https://www.google.com/search?q=klupd_klif_kimul.sys
- ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Timestamp : Tue Jan 22 2019
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\womic.sys
- Image name: womic.sys
- Search : https://www.google.com/search?q=womic.sys
- ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Timestamp : Wed Jul 3 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
- Image name: IntcDAud.sys
- Search : https://www.google.com/search?q=IntcDAud.sys
- ADA Info : Intel Display Audio Driver http://www.intel.com/
- Timestamp : Tue Feb 25 2020
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
- Image name: klupd_klif_klark.sys
- Search : https://www.google.com/search?q=klupd_klif_klark.sys
- ADA Info : Kaspersky https://www.kaspersky.com/
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
- Image name: tapprotonvpn.sys
- Search : https://www.google.com/search?q=tapprotonvpn.sys
- ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
- Timestamp : Thu Apr 2 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
- Image name: igdkmd64.sys
- Search : https://www.google.com/search?q=igdkmd64.sys
- ADA Info : Intel HD graphics driver
- Timestamp : Tue May 19 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Tue May 26 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Fri Jun 19 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Fri Jul 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #2: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agile VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernel driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernel Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernel Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernel Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernel (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Drive Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernel-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernel Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernel Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernel CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernel Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) (Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdpvideominiport.sys RDP Video Miniport driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winquic.sys QUIC Transport Protocol driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #2: UNLOADED MODULES =======================
- fffff803`34400000 fffff803`34426000 USBSTOR.SYS
- fffff803`344b0000 fffff803`344bf000 WpdUpFltr.sy
- fffff803`34450000 fffff803`344a1000 WUDFRd.sys
- fffff803`34430000 fffff803`3444c000 EhStorClass.
- fffff803`343b0000 fffff803`343d6000 USBSTOR.SYS
- fffff803`343e0000 fffff803`343fc000 EhStorClass.
- fffff803`34330000 fffff803`3433f000 hiber_storpo
- fffff803`34340000 fffff803`3436f000 hiber_storah
- fffff803`34370000 fffff803`3438e000 hiber_dumpfv
- fffff803`33ff0000 fffff803`34009000 monitor.sys
- fffff803`34270000 fffff803`34296000 USBSTOR.SYS
- fffff803`34320000 fffff803`3432f000 WpdUpFltr.sy
- fffff803`342c0000 fffff803`34311000 WUDFRd.sys
- fffff803`342a0000 fffff803`342bc000 EhStorClass.
- fffff803`341b0000 fffff803`341d6000 USBSTOR.SYS
- fffff803`34260000 fffff803`3426f000 WpdUpFltr.sy
- fffff803`34200000 fffff803`34251000 WUDFRd.sys
- fffff803`341e0000 fffff803`341fc000 EhStorClass.
- fffff803`34180000 fffff803`341a6000 USBSTOR.SYS
- fffff803`39490000 fffff803`394ac000 EhStorClass.
- fffff803`34010000 fffff803`3417a000 EasyAntiChea
- fffff803`33f90000 fffff803`33f9f000 hiber_storpo
- fffff803`33fa0000 fffff803`33fcf000 hiber_storah
- fffff803`33fd0000 fffff803`33fee000 hiber_dumpfv
- fffff803`44bc0000 fffff803`44bd9000 monitor.sys
- fffff803`33e10000 fffff803`33f7a000 EasyAntiChea
- fffff803`409b0000 fffff803`409e9000 klids.sys
- fffff803`3ffd0000 fffff803`3ffdf000 dump_storpor
- fffff803`3fc30000 fffff803`3fc5f000 dump_storahc
- fffff803`3fc80000 fffff803`3fc9e000 dump_dumpfve
- fffff803`32e00000 fffff803`32e0b000 klpnpflt.sys
- fffff803`33790000 fffff803`3379b000 klpnpflt.sys
- fffff803`43100000 fffff803`4310b000 klpnpflt.sys
- fffff803`40a50000 fffff803`40a6e000 dam.sys
- fffff803`38fb0000 fffff803`38fbe000 klelam.sys
- fffff803`39fe0000 fffff803`39ff0000 hwpolicy.sys
- ====================== Dump #2: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #2: Extra #1 ===========================
- 3: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #2: Extra #2 ===========================
- 3: kd> !thread
- THREAD ffffe1058ff6e080 Cid 0f9c.0944 Teb: 0000000000a39000 Win32Thread: 0000000000000000 RUNNING on processor 3
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8033782ca14
- Owning Process ffffe105921d30c0 Image: System Process
- Attached Process ffffe10589133040 Image: MemCompression
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 9275779
- Context Switch Count 241572 IdealProcessor: 3
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x0000000076742450
- Stack Init ffff83064d217b90 Current ffff83064d216800
- Base ffff83064d218000 Limit ffff83064d211000 Call 0000000000000000
- Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffff8306`4d216ab8 fffff803`37663d96 : 00000000`0000001a 00000000`0000003f 00000000`000435ee 00000000`000433ee : nt!KeBugCheckEx
- ffff8306`4d216ac0 fffff803`3748df32 : ffffe105`90e7ab50 ffffffff`ffffffff 00000000`00000000 ffffe105`90e7ac40 : nt!MiValidatePagefilePageHash+0x10176a
- ffff8306`4d216ba0 fffff803`3748d47d : 00000000`00000002 ffff8306`00000000 ffff8306`4d216d58 fffff803`00000000 : nt!MiWaitForInPageComplete+0x472
- ffff8306`4d216cb0 fffff803`37472f9b : 00000000`c0033333 00000000`00000000 00000192`059d4a90 00000000`00000000 : nt!MiIssueHardFault+0x1ad
- ffff8306`4d216db0 fffff803`375cf320 : 00000000`00000000 ffff8306`4d216fd0 ffff8306`4d217378 00000000`00000000 : nt!MmAccessFault+0x40b
- ffff8306`4d216f50 fffff803`3755e150 : ffffd081`c86b6000 ffffe105`89130050 fffff803`3745cfc0 ffffd081`c86b6000 : nt!KiPageFault+0x360 (TrapFrame @ ffff8306`4d216f50)
- ffff8306`4d2170e8 fffff803`3745cfc0 : ffffd081`c86b6000 ffffd081`c86b6000 00000000`00000002 00000192`059d4a90 : nt!RtlDecompressBufferXpressLz+0x50
- ffff8306`4d217100 fffff803`3755fed9 : 00000000`00000000 fffff803`00000001 00000000`00000000 ffffe105`89131788 : nt!RtlDecompressBufferEx+0x60
- ffff8306`4d217150 fffff803`3755fd64 : 00000000`00000004 ffff8306`4d217360 00000000`00000000 00000000`00000174 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- ffff8306`4d217230 fffff803`3755fbe2 : 00000000`00000001 00000000`00014a90 ffffe105`00014a90 ffffe105`00008000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffff8306`4d217280 fffff803`3755fa0b : 00000000`ffffffff ffffe105`9078c000 ffff8306`4d217360 ffffe105`87e30dd0 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffff8306`4d217320 fffff803`3755f851 : ffffe105`9078c000 00000000`00000000 00000000`00000001 ffffe105`89131788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffff8306`4d2173d0 fffff803`3755f761 : ffffe105`89130000 ffffe105`87e30dd0 ffffe105`9078c000 ffffe105`891319b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffff8306`4d217450 fffff803`37469e18 : ffffe105`8ff6e080 ffffe105`89130000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffff8306`4d217480 fffff803`37562cc1 : fffff803`3755f740 ffff8306`4d217530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffff8306`4d2174f0 fffff803`3754b941 : ffff8306`4d2175f0 fffff803`3798db78 ffffe105`89130000 ffff8306`4d217740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffff8306`4d2175c0 fffff803`3754b527 : 00000000`0000000c ffffe105`89130000 ffff8306`4d217670 ffffe105`87e30dd0 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffff8306`4d217610 fffff803`37561fd3 : 00000000`0000000c ffffe105`87e30dd0 00000000`00000008 00000000`00000008 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffff8306`4d2176a0 fffff803`375636af : ffffe105`00000008 ffffe105`90c35b00 00000000`00000000 ffffe105`89130000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffff8306`4d217710 fffff803`3748e05b : ffffe105`921d35c0 00000000`00000001 ffffe105`921d3680 fffff803`37474ee6 : nt!SmPageRead+0x33
- ffff8306`4d217760 fffff803`3748d759 : 00000000`00000002 ffff8306`4d2177f0 ffff8306`4d217958 fffffc7e`00000a38 : nt!MiIssueHardFaultIo+0x117
- ffff8306`4d2177b0 fffff803`37472f9b : 00000000`c0033333 00000000`00000001 00000000`28fb90cf fffff803`375c842f : nt!MiIssueHardFault+0x489
- ffff8306`4d217860 fffff803`375cf320 : 00000000`109f5608 ffff8306`4d217a80 00000000`00a39000 ffff8306`4d217a80 : nt!MmAccessFault+0x40b
- ffff8306`4d217a00 00000000`770c662f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360 (TrapFrame @ ffff8306`4d217a00)
- 00000000`16fff178 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770c662f
- ========================================================================
- ======================= Dump #3: ANALYZE VERBOSE =======================
- ====================== File: 080320-46015-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 18362 MP (4 procs) Free x64
- Kernel base = 0xfffff802`2b800000 PsLoadedModuleList = 0xfffff802`2bc48210
- Debug session time: Mon Aug 3 05:11:20.393 2020 (UTC - 4:00)
- System Uptime: 0 days 3:31:45.066
- BugCheck 1A, {3f, 8e42d, 8e42d, ccd97c9f}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 000000000000003f, The subtype of the bugcheck.
- Arg2: 000000000008e42d
- Arg3: 000000000008e42d
- Arg4: 00000000ccd97c9f
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- ADDITIONAL_DEBUG_TEXT: Memory Manager detected corruption of a pagefile page while performing an in-page operation.
- The data read from storage does not match the original data written.
- This indicates the data was corrupted by the storage stack, or device hardware.
- BUGCHECK_STR: 0x1a_3f
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: MemCompression
- CURRENT_IRQL: 2
- PAGE_HASH_ERRORS_DETECTED: 1
- TRAP_FRAME: ffffb08d039c6f50 -- (.trap 0xffffb08d039c6f50)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=fffff8022b95e100 rbx=0000000000000000 rcx=ffff9e80e8080000
- rdx=ffff9e80e8080000 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8022b95e150 rsp=ffffb08d039c70e8 rbp=ffff9e80e8080000
- r8=000001c7f25a28f0 r9=000000000000042b r10=ffff9e80e8080ea0
- r11=000001c7f25a2d1b r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei pl zr na po nc
- nt!RtlDecompressBufferXpressLz+0x50:
- fffff802`2b95e150 418b08 mov ecx,dword ptr [r8] ds:000001c7`f25a28f0=????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff8022ba63d96 to fffff8022b9c1220
- STACK_TEXT:
- ffffb08d`039c6ab8 fffff802`2ba63d96 : 00000000`0000001a 00000000`0000003f 00000000`0008e42d 00000000`0008e42d : nt!KeBugCheckEx
- ffffb08d`039c6ac0 fffff802`2b88df32 : ffffe781`0d66fe60 ffffffff`ffffffff 00000000`00000000 ffffe781`0d66ff50 : nt!MiValidatePagefilePageHash+0x10176a
- ffffb08d`039c6ba0 fffff802`2b88d47d : 00000000`00000002 ffffb08d`00000000 ffffb08d`039c6d58 fffff802`00000000 : nt!MiWaitForInPageComplete+0x472
- ffffb08d`039c6cb0 fffff802`2b872f9b : 00000000`c0033333 00000000`00000000 000001c7`f25a28f0 00000000`00000000 : nt!MiIssueHardFault+0x1ad
- ffffb08d`039c6db0 fffff802`2b9cf320 : ffffb08d`039c7320 fffff802`2b9163ad ffffb08d`039c7378 ffffb08d`039c7360 : nt!MmAccessFault+0x40b
- ffffb08d`039c6f50 fffff802`2b95e150 : ffff9e80`e8080000 ffffe781`0f21f050 fffff802`2b85cfc0 ffff9e80`e8080000 : nt!KiPageFault+0x360
- ffffb08d`039c70e8 fffff802`2b85cfc0 : ffff9e80`e8080000 ffff9e80`e8080000 00000000`00000002 000001c7`f25a28f0 : nt!RtlDecompressBufferXpressLz+0x50
- ffffb08d`039c7100 fffff802`2b95fed9 : 00000001`00000000 00000000`00000001 00000000`00000000 ffffe781`0f220788 : nt!RtlDecompressBufferEx+0x60
- ffffb08d`039c7150 fffff802`2b95fd64 : 00000000`00000004 ffffb08d`039c7360 00000000`00000000 00000000`000022b8 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- ffffb08d`039c7230 fffff802`2b95fbe2 : 00000000`00000001 00000000`000028f0 ffffe781`000028f0 ffffe781`00010000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffffb08d`039c7280 fffff802`2b95fa0b : 00000000`ffffffff ffffe781`137b9000 ffffb08d`039c7360 ffffe781`08f95510 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffffb08d`039c7320 fffff802`2b95f851 : ffffe781`137b9000 00000000`00000000 00000000`00000001 ffffe781`0f220788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffffb08d`039c73d0 fffff802`2b95f761 : ffffe781`0f21f000 ffffe781`08f95510 ffffe781`137b9000 ffffe781`0f2209b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffffb08d`039c7450 fffff802`2b869e18 : ffffe781`11006080 ffffe781`0f21f000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffffb08d`039c7480 fffff802`2b962cc1 : fffff802`2b95f740 ffffb08d`039c7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffffb08d`039c74f0 fffff802`2b94b941 : ffffb08d`039c75f0 fffff802`2bd8db78 ffffe781`0f21f000 ffffb08d`039c7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffffb08d`039c75c0 fffff802`2b94b527 : 00000000`0000000c ffffe781`0f21f000 ffffb08d`039c7670 ffffe781`08f95510 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffffb08d`039c7610 fffff802`2b961fd3 : 00000000`0000000c ffffe781`08f95510 00000000`00000010 00000000`00000010 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffffb08d`039c76a0 fffff802`2b9636af : ffffe781`00000010 ffffe781`110943e0 00000000`00000000 ffffe781`0f21f000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffffb08d`039c7710 fffff802`2b88e05b : ffffe781`130845c0 00000000`00000001 ffffe781`13084680 fffff802`2b874ee6 : nt!SmPageRead+0x33
- ffffb08d`039c7760 fffff802`2b88d759 : 00000000`00000002 ffffb08d`039c77f0 ffffb08d`039c7958 ffffd4ea`4077ce98 : nt!MiIssueHardFaultIo+0x117
- ffffb08d`039c77b0 fffff802`2b872f9b : 00000000`c0033333 00000000`00000001 000001df`3a623738 ffffe781`1200ddd0 : nt!MiIssueHardFault+0x489
- ffffb08d`039c7860 fffff802`2b9cf320 : 00000003`01889707 ffffb08d`039c7a80 00000000`00000034 ffffb08d`039c7a80 : nt!MmAccessFault+0x40b
- ffffb08d`039c7a00 00007ffe`07feb801 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
- 00000076`c31fe610 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`07feb801
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8022b873034-fffff8022b873038 5 bytes - nt!MmAccessFault+4a4
- [ df be 7d fb f6:9f 3a 75 ea d4 ]
- fffff8022b88d4dd - nt!MiIssueHardFault+20d (+0x1a4a9)
- [ f6:d4 ]
- fffff8022b963797-fffff8022b963798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0xd62ba)
- [ 48 ff:4c 8b ]
- fffff8022b96379e-fffff8022b9637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
- [ 0f 1f 44 00:e8 1d 40 95 ]
- 12 errors : !nt (fffff8022b873034-fffff8022b9637a1)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-08-03T09:11:20.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
- ====================== Dump #3: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
- May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
- Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
- Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
- May 19 2020 - igdkmd64.sys - Intel HD graphics driver
- May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
- Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #3: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
- Image name: AsUpIO.sys
- Search : https://www.google.com/search?q=AsUpIO.sys
- ADA Info : ASUS Update Input Output driver http://www.asus.com/
- Timestamp : Mon Aug 2 2010
- Image path: \SystemRoot\System32\drivers\ScpVBus.sys
- Image name: ScpVBus.sys
- Search : https://www.google.com/search?q=ScpVBus.sys
- ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Timestamp : Sun May 5 2013
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
- Image name: SCDEmu.SYS
- Search : https://www.google.com/search?q=SCDEmu.SYS
- ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Timestamp : Tue Jun 6 2017
- Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
- Image name: YSDrv.sys
- Search : https://www.google.com/search?q=YSDrv.sys
- ADA Info : VirtualBox Support driver
- Timestamp : Wed Oct 11 2017
- Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Sun Nov 19 2017
- File version: 11.7.0.1057
- Product version: 11.7.0.1057
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- CompanyName: Intel Corporation
- ProductName: Intel(R) Management Engine Interface
- InternalName: TeeDriverx64.sys
- OriginalFilename: TeeDriverx64.sys
- ProductVersion: 11.7.0.1057
- FileVersion: 11.7.0.1057
- FileDescription: Intel(R) Management Engine Interface
- LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
- Image path: \SystemRoot\System32\drivers\kltap.sys
- Image name: kltap.sys
- Search : https://www.google.com/search?q=kltap.sys
- ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
- Timestamp : Fri Mar 16 2018
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Nov 13 2018
- Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
- Image name: klupd_klif_kimul.sys
- Search : https://www.google.com/search?q=klupd_klif_kimul.sys
- ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Timestamp : Tue Jan 22 2019
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\womic.sys
- Image name: womic.sys
- Search : https://www.google.com/search?q=womic.sys
- ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Timestamp : Wed Jul 3 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
- Image name: IntcDAud.sys
- Search : https://www.google.com/search?q=IntcDAud.sys
- ADA Info : Intel Display Audio Driver http://www.intel.com/
- Timestamp : Tue Feb 25 2020
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
- Image name: klupd_klif_klark.sys
- Search : https://www.google.com/search?q=klupd_klif_klark.sys
- ADA Info : Kaspersky https://www.kaspersky.com/
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
- Image name: tapprotonvpn.sys
- Search : https://www.google.com/search?q=tapprotonvpn.sys
- ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
- Timestamp : Thu Apr 2 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
- Image name: igdkmd64.sys
- Search : https://www.google.com/search?q=igdkmd64.sys
- ADA Info : Intel HD graphics driver
- Timestamp : Tue May 19 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Tue May 26 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Fri Jun 19 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Fri Jul 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #3: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agile VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernel driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernel Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernel Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernel Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernel (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Drive Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernel-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernel Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernel Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernel CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernel Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) (Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- qwavedrv.sys Quality Windows Audio Video Experience (qWave) Support driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winquic.sys QUIC Transport Protocol driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #3: UNLOADED MODULES =======================
- fffff802`35140000 fffff802`35179000 klids.sys
- fffff802`347a0000 fffff802`347af000 dump_storpor
- fffff802`34000000 fffff802`3402f000 dump_storahc
- fffff802`34050000 fffff802`3406e000 dump_dumpfve
- fffff802`37d60000 fffff802`37d6b000 klpnpflt.sys
- fffff802`37cf0000 fffff802`37cfb000 klpnpflt.sys
- fffff802`37c20000 fffff802`37c2b000 klpnpflt.sys
- fffff802`351e0000 fffff802`351fe000 dam.sys
- fffff802`2d3b0000 fffff802`2d3be000 klelam.sys
- fffff802`2e3e0000 fffff802`2e3f0000 hwpolicy.sys
- ====================== Dump #3: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #3: Extra #1 ===========================
- 2: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #3: Extra #2 ===========================
- 2: kd> !thread
- THREAD ffffe78111006080 Cid 10bc.29c4 Teb: 00000076c29a1000 Win32Thread: 0000000000000000 RUNNING on processor 2
- Not impersonating
- GetUlongFromAddress: unable to read from fffff8022bc2ca14
- Owning Process ffffe781130840c0 Image: System Process
- Attached Process ffffe7810f221040 Image: MemCompression
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 813112
- Context Switch Count 39319 IdealProcessor: 0
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff7a096a310
- Stack Init ffffb08d039c7b90 Current ffffb08d039c6800
- Base ffffb08d039c8000 Limit ffffb08d039c1000 Call 0000000000000000
- Priority 5 BasePriority 4 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffffb08d`039c6ab8 fffff802`2ba63d96 : 00000000`0000001a 00000000`0000003f 00000000`0008e42d 00000000`0008e42d : nt!KeBugCheckEx
- ffffb08d`039c6ac0 fffff802`2b88df32 : ffffe781`0d66fe60 ffffffff`ffffffff 00000000`00000000 ffffe781`0d66ff50 : nt!MiValidatePagefilePageHash+0x10176a
- ffffb08d`039c6ba0 fffff802`2b88d47d : 00000000`00000002 ffffb08d`00000000 ffffb08d`039c6d58 fffff802`00000000 : nt!MiWaitForInPageComplete+0x472
- ffffb08d`039c6cb0 fffff802`2b872f9b : 00000000`c0033333 00000000`00000000 000001c7`f25a28f0 00000000`00000000 : nt!MiIssueHardFault+0x1ad
- ffffb08d`039c6db0 fffff802`2b9cf320 : ffffb08d`039c7320 fffff802`2b9163ad ffffb08d`039c7378 ffffb08d`039c7360 : nt!MmAccessFault+0x40b
- ffffb08d`039c6f50 fffff802`2b95e150 : ffff9e80`e8080000 ffffe781`0f21f050 fffff802`2b85cfc0 ffff9e80`e8080000 : nt!KiPageFault+0x360 (TrapFrame @ ffffb08d`039c6f50)
- ffffb08d`039c70e8 fffff802`2b85cfc0 : ffff9e80`e8080000 ffff9e80`e8080000 00000000`00000002 000001c7`f25a28f0 : nt!RtlDecompressBufferXpressLz+0x50
- ffffb08d`039c7100 fffff802`2b95fed9 : 00000001`00000000 00000000`00000001 00000000`00000000 ffffe781`0f220788 : nt!RtlDecompressBufferEx+0x60
- ffffb08d`039c7150 fffff802`2b95fd64 : 00000000`00000004 ffffb08d`039c7360 00000000`00000000 00000000`000022b8 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- ffffb08d`039c7230 fffff802`2b95fbe2 : 00000000`00000001 00000000`000028f0 ffffe781`000028f0 ffffe781`00010000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffffb08d`039c7280 fffff802`2b95fa0b : 00000000`ffffffff ffffe781`137b9000 ffffb08d`039c7360 ffffe781`08f95510 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffffb08d`039c7320 fffff802`2b95f851 : ffffe781`137b9000 00000000`00000000 00000000`00000001 ffffe781`0f220788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffffb08d`039c73d0 fffff802`2b95f761 : ffffe781`0f21f000 ffffe781`08f95510 ffffe781`137b9000 ffffe781`0f2209b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffffb08d`039c7450 fffff802`2b869e18 : ffffe781`11006080 ffffe781`0f21f000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffffb08d`039c7480 fffff802`2b962cc1 : fffff802`2b95f740 ffffb08d`039c7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffffb08d`039c74f0 fffff802`2b94b941 : ffffb08d`039c75f0 fffff802`2bd8db78 ffffe781`0f21f000 ffffb08d`039c7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffffb08d`039c75c0 fffff802`2b94b527 : 00000000`0000000c ffffe781`0f21f000 ffffb08d`039c7670 ffffe781`08f95510 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffffb08d`039c7610 fffff802`2b961fd3 : 00000000`0000000c ffffe781`08f95510 00000000`00000010 00000000`00000010 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffffb08d`039c76a0 fffff802`2b9636af : ffffe781`00000010 ffffe781`110943e0 00000000`00000000 ffffe781`0f21f000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffffb08d`039c7710 fffff802`2b88e05b : ffffe781`130845c0 00000000`00000001 ffffe781`13084680 fffff802`2b874ee6 : nt!SmPageRead+0x33
- ffffb08d`039c7760 fffff802`2b88d759 : 00000000`00000002 ffffb08d`039c77f0 ffffb08d`039c7958 ffffd4ea`4077ce98 : nt!MiIssueHardFaultIo+0x117
- ffffb08d`039c77b0 fffff802`2b872f9b : 00000000`c0033333 00000000`00000001 000001df`3a623738 ffffe781`1200ddd0 : nt!MiIssueHardFault+0x489
- ffffb08d`039c7860 fffff802`2b9cf320 : 00000003`01889707 ffffb08d`039c7a80 00000000`00000034 ffffb08d`039c7a80 : nt!MmAccessFault+0x40b
- ffffb08d`039c7a00 00007ffe`07feb801 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360 (TrapFrame @ ffffb08d`039c7a00)
- 00000076`c31fe610 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`07feb801
- ========================================================================
- ======================= Dump #4: ANALYZE VERBOSE =======================
- ====================== File: 080320-45656-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 18362 MP (4 procs) Free x64
- Kernel base = 0xfffff800`4ac00000 PsLoadedModuleList = 0xfffff800`4b048210
- Debug session time: Mon Aug 3 11:36:24.982 2020 (UTC - 4:00)
- System Uptime: 0 days 6:23:57.655
- BugCheck 154, {ffffe38f60d57000, ffffcc087b4b5f60, 2, 0}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : hardware_disk
- Followup: MachineOwner
- UNEXPECTED_STORE_EXCEPTION (154)
- The store component caught an unexpected exception.
- Arguments:
- Arg1: ffffe38f60d57000, Pointer to the store context or data manager
- Arg2: ffffcc087b4b5f60, Exception information
- Arg3: 0000000000000002, Reserved
- Arg4: 0000000000000000, Reserved
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- EXCEPTION_RECORD: ffffcc087b4b6f08 -- (.exr 0xffffcc087b4b6f08)
- ExceptionAddress: fffff8004add4280 (nt!memcpy+0x0000000000000240)
- ExceptionCode: c0000006 (In-page I/O error)
- ExceptionFlags: 00000000
- NumberParameters: 3
- Parameter[0]: 0000000000000000
- Parameter[1]: 000001cb31fc8ff0
- Parameter[2]: 00000000c0000483
- Inpage operation failed at 000001cb31fc8ff0, due to I/O error 00000000c0000483
- EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
- FAULTING_IP:
- nt!memcpy+240
- fffff800`4add4280 f30f6f4411f0 movdqu xmm0,xmmword ptr [rcx+rdx-10h]
- FOLLOWUP_IP:
- +0
- 000001cb`31fc8ff0 ?? ???
- EXCEPTION_PARAMETER1: 0000000000000000
- EXCEPTION_PARAMETER2: 000001cb31fc8ff0
- CONTEXT: ffffcc087b4b6750 -- (.cxr 0xffffcc087b4b6750)
- rax=ffffa901eba3a000 rbx=0000000000001000 rcx=ffffa901eba3a000
- rdx=000058c94658f000 rsi=0000000000000002 rdi=000001cb31fc8000
- rip=fffff8004add4280 rsp=ffffcc087b4b7148 rbp=ffffa901eba39000
- r8=0000000000000000 r9=0000000000000080 r10=7ffffffffffffffc
- r11=ffffa901eba39000 r12=ffffcc087b4b7378 r13=ffffe38f63e2f000
- r14=ffffe38f60d57050 r15=ffffa901eba39000
- iopl=0 nv up ei pl zr na po nc
- cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00050246
- nt!memcpy+0x240:
- fffff800`4add4280 f30f6f4411f0 movdqu xmm0,xmmword ptr [rcx+rdx-10h] ds:002b:000001cb`31fc8ff0=????????????????????????????????
- Resetting default scope
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
- PROCESS_NAME: MemCompression
- CURRENT_IRQL: 0
- ERROR_CODE: (NTSTATUS) 0xc0000006 - The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
- EXCEPTION_CODE_STR: c0000006
- EXCEPTION_PARAMETER3: 00000000c0000483
- IO_ERROR: (NTSTATUS) 0xc0000483 - The request failed due to a fatal device hardware error.
- EXCEPTION_STR: 0xc0000006_c0000483
- BUGCHECK_STR: 0x154_c0000006_c0000483
- STACK_TEXT:
- ffffcc08`7b4b5ea8 fffff800`4af21aea : 00000000`00000154 ffffe38f`60d57000 ffffcc08`7b4b5f60 00000000`00000002 : nt!KeBugCheckEx
- ffffcc08`7b4b5eb0 fffff800`4addb1de : ffffe38f`60d57000 ffffcc08`7b4b5f60 ffffe38f`00000002 ffffe38f`00000050 : nt!SMKM_STORE<SM_TRAITS>::SmStUnhandledExceptionFilter+0x7e
- ffffcc08`7b4b5f00 fffff800`4ad9c399 : 00000000`00000002 ffffcc08`7b4b73d0 ffffcc08`7b4b1000 ffffcc08`7b4b8000 : nt!`SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue'::`1'::filt$0+0x22
- ffffcc08`7b4b5f30 fffff800`4adca04f : ffffcc08`7b4b73d0 ffffcc08`7b4b6510 00000000`00000000 00000000`0010001f : nt!_C_specific_handler+0xa9
- ffffcc08`7b4b5fa0 fffff800`4acc3375 : 00000000`00000000 00000000`00000000 ffffcc08`7b4b6510 00007fff`ffff0000 : nt!RtlpExecuteHandlerForException+0xf
- ffffcc08`7b4b5fd0 fffff800`4acc790e : ffffcc08`7b4b6f08 ffffcc08`7b4b6c50 ffffcc08`7b4b6f08 000001cb`31fc8000 : nt!RtlDispatchException+0x4a5
- ffffcc08`7b4b6720 fffff800`4add321d : ffffe38f`60d5c600 fffff800`4ac86c8d 00000000`00010000 ffffcc08`7b4b6fb0 : nt!KiDispatchException+0x16e
- ffffcc08`7b4b6dd0 fffff800`4adcf405 : 00000000`00000030 ffff990d`96000000 ffffcc08`7b4b7378 ffffffff`ffffffff : nt!KiExceptionDispatch+0x11d
- ffffcc08`7b4b6fb0 fffff800`4add4280 : fffff800`4ad5ff69 00000000`00000000 fffff800`00000001 00000000`00000000 : nt!KiPageFault+0x445
- ffffcc08`7b4b7148 fffff800`4ad5ff69 : 00000000`00000000 fffff800`00000001 00000000`00000000 ffffe38f`60d58788 : nt!memcpy+0x240
- ffffcc08`7b4b7150 fffff800`4ad5fd64 : 00000000`00000004 ffffcc08`7b4b7360 00000000`00000000 00000000`00000445 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x1e5
- ffffcc08`7b4b7230 fffff800`4ad5fbe2 : 00000000`00000001 00000000`00008000 ffffe38f`00008000 ffffe38f`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffffcc08`7b4b7280 fffff800`4ad5fa0b : 00000000`ffffffff ffffe38f`63e2f000 ffffcc08`7b4b7360 ffffe38f`6238b650 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffffcc08`7b4b7320 fffff800`4ad5f851 : ffffe38f`63e2f000 00000000`00000000 00000000`00000001 ffffe38f`60d58788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffffcc08`7b4b73d0 fffff800`4ad5f761 : ffffe38f`60d57000 ffffe38f`6238b650 ffffe38f`63e2f000 ffffe38f`60d589b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffffcc08`7b4b7450 fffff800`4ac69e18 : ffffe38f`622a35c0 ffffe38f`60d57000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffffcc08`7b4b7480 fffff800`4ad62cc1 : fffff800`4ad5f740 ffffcc08`7b4b7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffffcc08`7b4b74f0 fffff800`4ad4b941 : ffffcc08`7b4b75f0 fffff800`4b18db78 ffffe38f`60d57000 ffffcc08`7b4b7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffffcc08`7b4b75c0 fffff800`4ad4b527 : 00000000`0000000c ffffe38f`60d57000 ffffcc08`7b4b7670 ffffe38f`6238b650 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffffcc08`7b4b7610 fffff800`4ad61fd3 : 00000000`0000000c ffffe38f`6238b650 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffffcc08`7b4b76a0 fffff800`4ad636af : ffffe38f`00000001 ffffe38f`5b7c25a0 00000000`00000000 ffffe38f`60d57000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffffcc08`7b4b7710 fffff800`4ac8e05b : ffffe38f`614b4580 00000000`00000001 ffffe38f`614b4640 fffff800`4ac74ee6 : nt!SmPageRead+0x33
- ffffcc08`7b4b7760 fffff800`4ac8d759 : 00000000`00000002 ffffcc08`7b4b77f0 ffffcc08`7b4b7958 ffff8b45`80000630 : nt!MiIssueHardFaultIo+0x117
- ffffcc08`7b4b77b0 fffff800`4ac72f9b : 00000000`c0033333 00000000`00000001 00000000`18dcba5f 00000000`00000000 : nt!MiIssueHardFault+0x489
- ffffcc08`7b4b7860 fffff800`4adcf320 : 00000000`0000031d ffffcc08`7b4b7a80 00000000`1aeff000 ffffcc08`7b4b7a80 : nt!MmAccessFault+0x40b
- ffffcc08`7b4b7a00 00000000`751fe7c1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
- 00000000`0be3f3f4 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x751fe7c1
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8004ac4c253-fffff8004ac4c254 2 bytes - nt!MiInsertCachedPte+223
- [ ff f6:7f 8b ]
- fffff8004ad2066c-fffff8004ad2066d 2 bytes - nt!MiZeroLargePage+38 (+0xd4419)
- [ 80 fa:00 f9 ]
- fffff8004ad206c3-fffff8004ad206c4 2 bytes - nt!MiZeroLargePage+8f (+0x57)
- [ 80 fa:00 f9 ]
- fffff8004ad63797-fffff8004ad63798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0x430d4)
- [ 48 ff:4c 8b ]
- fffff8004ad6379e-fffff8004ad637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
- [ 0f 1f 44 00:e8 1d 40 95 ]
- 12 errors : !nt (fffff8004ac4c253-fffff8004ad637a1)
- THREAD_SHA1_HASH_MOD_FUNC: 8b32537f80d6f3fa5b8133f311ec70ca7bdda2c9
- THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 487a91f526f9c98e686dddb00bf72462a2e7f184
- THREAD_SHA1_HASH_MOD: 5434264786d357a84eafd69f2aecb7bcf64dc830
- FOLLOWUP_NAME: MachineOwner
- MODULE_NAME: hardware_disk
- IMAGE_NAME: hardware_disk
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- FAILURE_BUCKET_ID: 0x154_c0000006_c0000483_IMAGE_hardware_disk
- BUCKET_ID: 0x154_c0000006_c0000483_IMAGE_hardware_disk
- PRIMARY_PROBLEM_CLASS: 0x154_c0000006_c0000483_IMAGE_hardware_disk
- TARGET_TIME: 2020-08-03T15:36:24.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:0x154_c0000006_c0000483_image_hardware_disk
- FAILURE_ID_HASH: {d170a5ab-ac8b-0fed-3160-792217daec42}
- Followup: MachineOwner
- ====================== Dump #4: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
- May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
- Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
- Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Mar 26 2020 - EasyAntiCheat.sys - EasyAntiCheat is an anti-cheat driver (EasyAntiCheat Oy.) https://support.easyanticheat.net/
- Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
- May 19 2020 - igdkmd64.sys - Intel HD graphics driver
- May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
- Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #4: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
- Image name: AsUpIO.sys
- Search : https://www.google.com/search?q=AsUpIO.sys
- ADA Info : ASUS Update Input Output driver http://www.asus.com/
- Timestamp : Mon Aug 2 2010
- Image path: \SystemRoot\System32\drivers\ScpVBus.sys
- Image name: ScpVBus.sys
- Search : https://www.google.com/search?q=ScpVBus.sys
- ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Timestamp : Sun May 5 2013
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
- Image name: SCDEmu.SYS
- Search : https://www.google.com/search?q=SCDEmu.SYS
- ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Timestamp : Tue Jun 6 2017
- Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
- Image name: YSDrv.sys
- Search : https://www.google.com/search?q=YSDrv.sys
- ADA Info : VirtualBox Support driver
- Timestamp : Wed Oct 11 2017
- Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Sun Nov 19 2017
- File version: 11.7.0.1057
- Product version: 11.7.0.1057
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- CompanyName: Intel Corporation
- ProductName: Intel(R) Management Engine Interface
- InternalName: TeeDriverx64.sys
- OriginalFilename: TeeDriverx64.sys
- ProductVersion: 11.7.0.1057
- FileVersion: 11.7.0.1057
- FileDescription: Intel(R) Management Engine Interface
- LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
- Image path: \SystemRoot\System32\drivers\kltap.sys
- Image name: kltap.sys
- Search : https://www.google.com/search?q=kltap.sys
- ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
- Timestamp : Fri Mar 16 2018
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Nov 13 2018
- Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
- Image name: klupd_klif_kimul.sys
- Search : https://www.google.com/search?q=klupd_klif_kimul.sys
- ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Timestamp : Tue Jan 22 2019
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\womic.sys
- Image name: womic.sys
- Search : https://www.google.com/search?q=womic.sys
- ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Timestamp : Wed Jul 3 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
- Image name: IntcDAud.sys
- Search : https://www.google.com/search?q=IntcDAud.sys
- ADA Info : Intel Display Audio Driver http://www.intel.com/
- Timestamp : Tue Feb 25 2020
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
- Image name: klupd_klif_klark.sys
- Search : https://www.google.com/search?q=klupd_klif_klark.sys
- ADA Info : Kaspersky https://www.kaspersky.com/
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \??\C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys
- Image name: EasyAntiCheat.sys
- Search : https://www.google.com/search?q=EasyAntiCheat.sys
- ADA Info : EasyAntiCheat is an anti-cheat driver (EasyAntiCheat Oy.) https://support.easyanticheat.net/
- Timestamp : Thu Mar 26 2020
- Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
- Image name: tapprotonvpn.sys
- Search : https://www.google.com/search?q=tapprotonvpn.sys
- ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
- Timestamp : Thu Apr 2 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
- Image name: igdkmd64.sys
- Search : https://www.google.com/search?q=igdkmd64.sys
- ADA Info : Intel HD graphics driver
- Timestamp : Tue May 19 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Tue May 26 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Fri Jun 19 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Fri Jul 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #4: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agile VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernel driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernel Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernel Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernel Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernel (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Drive Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernel-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernel Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernel Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernel CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernel Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) (Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- qwavedrv.sys Quality Windows Audio Video Experience (qWave) Support driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winquic.sys QUIC Transport Protocol driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #4: UNLOADED MODULES =======================
- fffff800`4a070000 fffff800`4a07c000 cpuz149_x64.
- fffff800`55c40000 fffff800`55c79000 klids.sys
- fffff800`558b0000 fffff800`558bf000 dump_storpor
- fffff800`558f0000 fffff800`5591f000 dump_storahc
- fffff800`55940000 fffff800`5595e000 dump_dumpfve
- fffff800`49260000 fffff800`4926b000 klpnpflt.sys
- fffff800`49ff0000 fffff800`49ffb000 klpnpflt.sys
- fffff800`58220000 fffff800`5822b000 klpnpflt.sys
- fffff800`55ce0000 fffff800`55cfe000 dam.sys
- fffff800`4e1b0000 fffff800`4e1be000 klelam.sys
- fffff800`4f1e0000 fffff800`4f1f0000 hwpolicy.sys
- ====================== Dump #4: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #4: Extra #1 ===========================
- 1: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #4: Extra #2 ===========================
- 1: kd> !thread
- THREAD ffffe38f622a35c0 Cid 104c.24d8 Teb: 000000001aeff000 Win32Thread: 0000000000000000 RUNNING on processor 1
- Impersonation token: ffff990d9d1a6060 (Level Impersonation)
- GetUlongFromAddress: unable to read from fffff8004b02ca14
- Owning Process ffffe38f614b4080 Image: avp.exe
- Attached Process ffffe38f60d5c040 Image: MemCompression
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 1474409
- Context Switch Count 226 IdealProcessor: 3
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x0000000076352450
- Stack Init ffffcc087b4b7b90 Current ffffcc087b4b6860
- Base ffffcc087b4b8000 Limit ffffcc087b4b1000 Call 0000000000000000
- Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffffcc08`7b4b5ea8 fffff800`4af21aea : 00000000`00000154 ffffe38f`60d57000 ffffcc08`7b4b5f60 00000000`00000002 : nt!KeBugCheckEx
- ffffcc08`7b4b5eb0 fffff800`4addb1de : ffffe38f`60d57000 ffffcc08`7b4b5f60 ffffe38f`00000002 ffffe38f`00000050 : nt!SMKM_STORE<SM_TRAITS>::SmStUnhandledExceptionFilter+0x7e
- ffffcc08`7b4b5f00 fffff800`4ad9c399 : 00000000`00000002 ffffcc08`7b4b73d0 ffffcc08`7b4b1000 ffffcc08`7b4b8000 : nt!`SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue'::`1'::filt$0+0x22
- ffffcc08`7b4b5f30 fffff800`4adca04f : ffffcc08`7b4b73d0 ffffcc08`7b4b6510 00000000`00000000 00000000`0010001f : nt!_C_specific_handler+0xa9
- ffffcc08`7b4b5fa0 fffff800`4acc3375 : 00000000`00000000 00000000`00000000 ffffcc08`7b4b6510 00007fff`ffff0000 : nt!RtlpExecuteHandlerForException+0xf
- ffffcc08`7b4b5fd0 fffff800`4acc790e : ffffcc08`7b4b6f08 ffffcc08`7b4b6c50 ffffcc08`7b4b6f08 000001cb`31fc8000 : nt!RtlDispatchException+0x4a5
- ffffcc08`7b4b6720 fffff800`4add321d : ffffe38f`60d5c600 fffff800`4ac86c8d 00000000`00010000 ffffcc08`7b4b6fb0 : nt!KiDispatchException+0x16e
- ffffcc08`7b4b6dd0 fffff800`4adcf405 : 00000000`00000030 ffff990d`96000000 ffffcc08`7b4b7378 ffffffff`ffffffff : nt!KiExceptionDispatch+0x11d
- ffffcc08`7b4b6fb0 fffff800`4add4280 : fffff800`4ad5ff69 00000000`00000000 fffff800`00000001 00000000`00000000 : nt!KiPageFault+0x445 (TrapFrame @ ffffcc08`7b4b6fb0)
- ffffcc08`7b4b7148 fffff800`4ad5ff69 : 00000000`00000000 fffff800`00000001 00000000`00000000 ffffe38f`60d58788 : nt!memcpy+0x240
- ffffcc08`7b4b7150 fffff800`4ad5fd64 : 00000000`00000004 ffffcc08`7b4b7360 00000000`00000000 00000000`00000445 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x1e5
- ffffcc08`7b4b7230 fffff800`4ad5fbe2 : 00000000`00000001 00000000`00008000 ffffe38f`00008000 ffffe38f`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffffcc08`7b4b7280 fffff800`4ad5fa0b : 00000000`ffffffff ffffe38f`63e2f000 ffffcc08`7b4b7360 ffffe38f`6238b650 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffffcc08`7b4b7320 fffff800`4ad5f851 : ffffe38f`63e2f000 00000000`00000000 00000000`00000001 ffffe38f`60d58788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffffcc08`7b4b73d0 fffff800`4ad5f761 : ffffe38f`60d57000 ffffe38f`6238b650 ffffe38f`63e2f000 ffffe38f`60d589b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffffcc08`7b4b7450 fffff800`4ac69e18 : ffffe38f`622a35c0 ffffe38f`60d57000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffffcc08`7b4b7480 fffff800`4ad62cc1 : fffff800`4ad5f740 ffffcc08`7b4b7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffffcc08`7b4b74f0 fffff800`4ad4b941 : ffffcc08`7b4b75f0 fffff800`4b18db78 ffffe38f`60d57000 ffffcc08`7b4b7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffffcc08`7b4b75c0 fffff800`4ad4b527 : 00000000`0000000c ffffe38f`60d57000 ffffcc08`7b4b7670 ffffe38f`6238b650 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffffcc08`7b4b7610 fffff800`4ad61fd3 : 00000000`0000000c ffffe38f`6238b650 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffffcc08`7b4b76a0 fffff800`4ad636af : ffffe38f`00000001 ffffe38f`5b7c25a0 00000000`00000000 ffffe38f`60d57000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffffcc08`7b4b7710 fffff800`4ac8e05b : ffffe38f`614b4580 00000000`00000001 ffffe38f`614b4640 fffff800`4ac74ee6 : nt!SmPageRead+0x33
- ffffcc08`7b4b7760 fffff800`4ac8d759 : 00000000`00000002 ffffcc08`7b4b77f0 ffffcc08`7b4b7958 ffff8b45`80000630 : nt!MiIssueHardFaultIo+0x117
- ffffcc08`7b4b77b0 fffff800`4ac72f9b : 00000000`c0033333 00000000`00000001 00000000`18dcba5f 00000000`00000000 : nt!MiIssueHardFault+0x489
- ffffcc08`7b4b7860 fffff800`4adcf320 : 00000000`0000031d ffffcc08`7b4b7a80 00000000`1aeff000 ffffcc08`7b4b7a80 : nt!MmAccessFault+0x40b
- ffffcc08`7b4b7a00 00000000`751fe7c1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360 (TrapFrame @ ffffcc08`7b4b7a00)
- 00000000`0be3f3f4 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x751fe7c1
- ========================================================================
- ======================= Dump #5: ANALYZE VERBOSE =======================
- ====================== File: 080320-45250-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 18362 MP (4 procs) Free x64
- Kernel base = 0xfffff807`6ca00000 PsLoadedModuleList = 0xfffff807`6ce48210
- Debug session time: Mon Aug 3 11:44:10.097 2020 (UTC - 4:00)
- System Uptime: 0 days 0:06:41.770
- BugCheck 1A, {3f, 7680, 7680, f30b3054}
- *** WARNING: Unable to verify timestamp for win32k.sys
- *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
- Probably caused by : memory_corruption
- Followup: memory_corruption
- *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 000000000000003f, The subtype of the bugcheck.
- Arg2: 0000000000007680
- Arg3: 0000000000007680
- Arg4: 00000000f30b3054
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- ADDITIONAL_DEBUG_TEXT: Memory Manager detected corruption of a pagefile page while performing an in-page operation.
- The data read from storage does not match the original data written.
- This indicates the data was corrupted by the storage stack, or device hardware.
- BUGCHECK_STR: 0x1a_3f
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: MemCompression
- CURRENT_IRQL: 2
- PAGE_HASH_ERRORS_DETECTED: 1
- TRAP_FRAME: ffffd28445e7f460 -- (.trap 0xffffd28445e7f460)
- NOTE: The trap frame does not contain all registers.
- Some register values may be zeroed or incorrect.
- rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000011
- rdx=fffff8076cf8f4b0 rsi=0000000000000000 rdi=0000000000000000
- rip=fffff8076cfcb230 rsp=ffffd28445e7f5f0 rbp=ffffd788896c0080
- r8=ffffd28445e7f5f8 r9=ffff8089848fe390 r10=ffff8089848fe388
- r11=ffff8089848fe380 r12=0000000000000000 r13=0000000000000000
- r14=0000000000000000 r15=0000000000000000
- iopl=0 nv up ei ng nz na po nc
- nt!ObLogSecurityDescriptor+0xa0:
- fffff807`6cfcb230 48395f10 cmp qword ptr [rdi+10h],rbx ds:00000000`00000010=????????????????
- Resetting default scope
- LAST_CONTROL_TRANSFER: from fffff8076cc63d96 to fffff8076cbc1220
- STACK_TEXT:
- ffffd284`45e7e518 fffff807`6cc63d96 : 00000000`0000001a 00000000`0000003f 00000000`00007680 00000000`00007680 : nt!KeBugCheckEx
- ffffd284`45e7e520 fffff807`6ca8df32 : ffffd788`839fe980 ffffffff`ffffffff 00000000`00000000 ffffd788`839fea70 : nt!MiValidatePagefilePageHash+0x10176a
- ffffd284`45e7e600 fffff807`6ca8d47d : 00000000`00000002 ffffd284`00000000 ffffd284`45e7e7b8 fffff807`00000000 : nt!MiWaitForInPageComplete+0x472
- ffffd284`45e7e710 fffff807`6ca72f9b : 00000000`c0033333 00000000`00000000 0000019d`1458eb20 fffff807`6cafb446 : nt!MiIssueHardFault+0x1ad
- ffffd284`45e7e810 fffff807`6cbcf320 : fffff807`6ce6a480 ffffd788`893870c0 ffffd284`45e7edd8 fffff300`00000000 : nt!MmAccessFault+0x40b
- ffffd284`45e7e9b0 fffff807`6cb5e150 : ffff9200`12ff1000 ffffd788`88b54050 fffff807`6ca5cfc0 ffff9200`12ff1000 : nt!KiPageFault+0x360
- ffffd284`45e7eb48 fffff807`6ca5cfc0 : ffff9200`12ff1000 ffff9200`12ff1000 00000000`00000002 0000019d`1458eb20 : nt!RtlDecompressBufferXpressLz+0x50
- ffffd284`45e7eb60 fffff807`6cb5fed9 : 00000000`00000000 0a000000`00000003 00000000`00000000 ffffd788`88b55788 : nt!RtlDecompressBufferEx+0x60
- ffffd284`45e7ebb0 fffff807`6cb5fd64 : 00000000`00000004 ffffd284`45e7edc0 00000000`00000000 00000000`00000015 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- ffffd284`45e7ec90 fffff807`6cb5fbe2 : 00000000`00000001 00000000`0001eb20 ffffd788`0001eb20 ffffd788`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffffd284`45e7ece0 fffff807`6cb5fa0b : ffffd788`ffffffff ffffd788`8b060000 ffffd284`45e7edc0 ffffd788`8c4eba90 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffffd284`45e7ed80 fffff807`6cb5f851 : ffffd788`8b060000 00000000`00000000 00000000`00000003 ffffd788`88b55788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffffd284`45e7ee30 fffff807`6cb5f761 : ffffd788`88b54000 ffffd788`8c4eba90 ffffd788`8b060000 ffffd788`88b559b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffffd284`45e7eeb0 fffff807`6ca69e18 : ffffd788`896c0080 ffffd788`88b54000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffffd284`45e7eee0 fffff807`6cb62cc1 : fffff807`6cb5f740 ffffd284`45e7ef90 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffffd284`45e7ef50 fffff807`6cb4b941 : ffffd284`45e7f050 fffff807`6cf8db78 ffffd788`88b54000 ffffd284`45e7f1a0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffffd284`45e7f020 fffff807`6cb4b527 : 00000000`0000000c ffffd788`88b54000 ffffd284`45e7f0d0 ffffd788`8c4eba90 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffffd284`45e7f070 fffff807`6cb61fd3 : 00000000`0000000c ffffd788`8c4eba90 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffffd284`45e7f100 fffff807`6cb636af : ffffd788`00000001 ffffd788`860ac800 00000000`00000000 ffffd788`88b54000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffffd284`45e7f170 fffff807`6ca8e05b : fffff807`6ce68d00 00000000`00000001 fffff807`6ce68dc0 fffff807`6ca74ee6 : nt!SmPageRead+0x33
- ffffd284`45e7f1c0 fffff807`6ca8d759 : 00000000`00000002 ffffd284`45e7f250 ffffd284`45e7f3b8 fffff379`a0226070 : nt!MiIssueHardFaultIo+0x117
- ffffd284`45e7f210 fffff807`6ca72f9b : 00000000`c0033333 00000000`00000000 ffff8089`81d9ddd0 ffff8089`81d9ddd0 : nt!MiIssueHardFault+0x489
- ffffd284`45e7f2c0 fffff807`6cbcf320 : ffffd284`45e7f7f0 ffffd284`45e7f560 ffff8089`848fe2d0 ffffd284`00000000 : nt!MmAccessFault+0x40b
- ffffd284`45e7f460 fffff807`6cfcb230 : f99e029c`17e6150b ffff8089`00000000 ffffd284`00000001 fffff807`6cf8f4b0 : nt!KiPageFault+0x360
- ffffd284`45e7f5f0 fffff807`6cfca64e : ffffd284`000000bc ffffd284`45e7f6a8 ffffd788`00000010 00000000`000000bc : nt!ObLogSecurityDescriptor+0xa0
- ffffd284`45e7f670 fffff807`6cfcb034 : 00000000`00000000 ffffd284`45e7f7f0 ffff8089`7ea210a0 00000000`00000000 : nt!ObSetSecurityDescriptorInfo+0x8e
- ffffd284`45e7f6e0 fffff807`6cfcc299 : 00000000`00000008 00000000`00000000 ffff8089`7a409350 fffff807`6cfdf847 : nt!SeDefaultObjectMethod+0x104
- ffffd284`45e7f740 fffff807`6cfca969 : ffff8089`7ea210a0 ffff8089`00000004 00000000`00000002 ffff8089`7ea210d0 : nt!ObSetSecurityObjectByPointer+0x89
- ffffd284`45e7f7a0 fffff807`6cfdafd1 : 00000000`00000000 00000000`00000000 ffffd284`45e7f900 00000000`00000000 : nt!SepAppendAceToTokenObjectAcl+0x229
- ffffd284`45e7f870 fffff807`6cfdb1db : ffff8089`85cbb770 00000000`00000002 00000000`00000000 00000000`00000001 : nt!SepAppendAdminAceToTokenAcl+0x15
- ffffd284`45e7f8a0 fffff807`6cbd2b15 : ffffd788`896c0080 00000055`df97d008 00000055`df97d028 00000000`00000000 : nt!NtDuplicateToken+0x1db
- ffffd284`45e7f990 00007ff8`b773c904 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
- 00000055`df97cfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`b773c904
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8076ca1fd35-fffff8076ca1fd36 2 bytes - nt!MmMapLockedPagesSpecifyCache+e5
- [ 80 f6:00 f3 ]
- fffff8076ca4b209-fffff8076ca4b20a 2 bytes - nt!MmUnlockPages+e9 (+0x2b4d4)
- [ 80 fa:00 c7 ]
- fffff8076ca4bb1f-fffff8076ca4bb20 2 bytes - nt!MmUnmapLockedPages+8f (+0x916)
- [ 80 f6:00 f3 ]
- fffff8076ca4bb7f-fffff8076ca4bb83 5 bytes - nt!MmUnmapLockedPages+ef (+0x60)
- [ d0 be 7d fb f6:60 de bc 79 f3 ]
- fffff8076ca73034-fffff8076ca73038 5 bytes - nt!MmAccessFault+4a4 (+0x274b5)
- [ df be 7d fb f6:6f de bc 79 f3 ]
- fffff8076ca8d4dc-fffff8076ca8d4dd 2 bytes - nt!MiIssueHardFault+20c (+0x1a4a8)
- [ 80 f6:00 f3 ]
- fffff8076ca8fee8-fffff8076ca8feec 5 bytes - nt!MiProbeAndLockPages+98 (+0x2a0c)
- [ d0 be 7d fb f6:60 de bc 79 f3 ]
- fffff8076ca8fefa-fffff8076ca8fefe 5 bytes - nt!MiProbeAndLockPages+aa (+0x12)
- [ d7 be 7d fb f6:67 de bc 79 f3 ]
- fffff8076caef4da-fffff8076caef4db 2 bytes - nt!MmBuildMdlForNonPagedPool+5a (+0x5f5e0)
- [ 80 f6:00 f3 ]
- fffff8076caef528-fffff8076caef529 2 bytes - nt!MmBuildMdlForNonPagedPool+a8 (+0x4e)
- [ 80 fa:00 c7 ]
- fffff8076caef52f-fffff8076caef533 5 bytes - nt!MmBuildMdlForNonPagedPool+af (+0x07)
- [ d0 be 7d fb f6:60 de bc 79 f3 ]
- fffff8076caf50fe-fffff8076caf50ff 2 bytes - nt!MmUnmapIoSpace+7e (+0x5bcf)
- [ 80 f6:00 f3 ]
- fffff8076cafe662-fffff8076cafe663 2 bytes - nt!MmAllocateIndependentPagesEx+aa (+0x9564)
- [ 80 f6:00 f3 ]
- fffff8076cb63797-fffff8076cb63798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0x65135)
- [ 48 ff:4c 8b ]
- fffff8076cb6379e-fffff8076cb637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
- [ 0f 1f 44 00:e8 1d 40 95 ]
- fffff8076ccc139f-fffff8076ccc13a0 2 bytes - nt!MiUnmapMdlCommon+8b (+0x15dc01)
- [ 80 f6:00 f3 ]
- fffff8076ccc1d2d-fffff8076ccc1d2e 2 bytes - nt!MmProtectMdlSystemAddress+cd (+0x98e)
- [ 80 f6:00 f3 ]
- 51 errors : !nt (fffff8076ca1fd35-fffff8076ccc1d2e)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-08-03T15:44:10.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
- ====================== Dump #5: 3RD PARTY DRIVERS ======================
- Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
- May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
- May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
- Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
- Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
- Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
- Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
- Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
- May 19 2020 - igdkmd64.sys - Intel HD graphics driver
- May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
- Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
- Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
- Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
- ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
- ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
- ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
- ================== Dump #5: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
- Image name: klmouflt.sys
- Search : https://www.google.com/search?q=klmouflt.sys
- ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
- Timestamp : Fri Sep 12 1975
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Search : https://www.google.com/search?q=klwtp.sys
- ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
- Timestamp : Sat May 5 2007
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Search : https://www.google.com/search?q=klbackupdisk.sys
- ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
- Timestamp : Sun Apr 13 2008
- Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
- Image name: AsUpIO.sys
- Search : https://www.google.com/search?q=AsUpIO.sys
- ADA Info : ASUS Update Input Output driver http://www.asus.com/
- Timestamp : Mon Aug 2 2010
- Image path: \SystemRoot\System32\drivers\ScpVBus.sys
- Image name: ScpVBus.sys
- Search : https://www.google.com/search?q=ScpVBus.sys
- ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
- Timestamp : Sun May 5 2013
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Search : https://www.google.com/search?q=klim6.sys
- ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
- Timestamp : Wed Jan 7 2015
- Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
- Image name: SCDEmu.SYS
- Search : https://www.google.com/search?q=SCDEmu.SYS
- ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
- Timestamp : Tue Jun 6 2017
- Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
- Image name: YSDrv.sys
- Search : https://www.google.com/search?q=YSDrv.sys
- ADA Info : VirtualBox Support driver
- Timestamp : Wed Oct 11 2017
- Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Search : https://www.google.com/search?q=TeeDriverW8x64.sys
- ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
- Timestamp : Sun Nov 19 2017
- File version: 11.7.0.1057
- Product version: 11.7.0.1057
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- CompanyName: Intel Corporation
- ProductName: Intel(R) Management Engine Interface
- InternalName: TeeDriverx64.sys
- OriginalFilename: TeeDriverx64.sys
- ProductVersion: 11.7.0.1057
- FileVersion: 11.7.0.1057
- FileDescription: Intel(R) Management Engine Interface
- LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
- Image path: \SystemRoot\System32\drivers\kltap.sys
- Image name: kltap.sys
- Search : https://www.google.com/search?q=kltap.sys
- ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
- Timestamp : Fri Mar 16 2018
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Nov 13 2018
- Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
- Image name: klupd_klif_kimul.sys
- Search : https://www.google.com/search?q=klupd_klif_kimul.sys
- ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
- Timestamp : Tue Jan 22 2019
- Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
- Image name: cm_km.sys
- Search : https://www.google.com/search?q=cm_km.sys
- ADA Info : Kaspersky Cryptographic Module Driver
- Timestamp : Fri Feb 15 2019
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Search : https://www.google.com/search?q=klwfp.sys
- ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
- Timestamp : Tue Feb 26 2019
- Image path: \SystemRoot\system32\drivers\womic.sys
- Image name: womic.sys
- Search : https://www.google.com/search?q=womic.sys
- ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
- Timestamp : Wed Jul 3 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
- Image name: IntcDAud.sys
- Search : https://www.google.com/search?q=IntcDAud.sys
- ADA Info : Intel Display Audio Driver http://www.intel.com/
- Timestamp : Tue Feb 25 2020
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Search : https://www.google.com/search?q=klif.sys
- ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
- Timestamp : Fri Mar 13 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
- Image name: klupd_klif_mark.sys
- Search : https://www.google.com/search?q=klupd_klif_mark.sys
- ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
- Timestamp : Fri Mar 20 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
- ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
- Timestamp : Sun Mar 22 2020
- Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
- Image name: tapprotonvpn.sys
- Search : https://www.google.com/search?q=tapprotonvpn.sys
- ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
- Timestamp : Thu Apr 2 2020
- Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
- Image name: igdkmd64.sys
- Search : https://www.google.com/search?q=igdkmd64.sys
- ADA Info : Intel HD graphics driver
- Timestamp : Tue May 19 2020
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Tue May 26 2020
- Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
- Image name: klupd_klif_klbg.sys
- Search : https://www.google.com/search?q=klupd_klif_klbg.sys
- ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
- Timestamp : Wed Jun 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Search : https://www.google.com/search?q=klgse.sys
- ADA Info : Kaspersky Security Extender driver
- Timestamp : Fri Jun 19 2020
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Search : https://www.google.com/search?q=klhk.sys
- ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
- Timestamp : Fri Jun 19 2020
- Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
- Image name: klids.sys
- Search : https://www.google.com/search?q=klids.sys
- ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
- Timestamp : Fri Jul 17 2020
- Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
- Image name: klkbdflt.sys
- Search : https://www.google.com/search?q=klkbdflt.sys
- ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
- Timestamp : Tue Nov 16 2021
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Search : https://www.google.com/search?q=klpd.sys
- ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
- Timestamp : Tue Mar 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Search : https://www.google.com/search?q=klflt.sys
- ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
- Timestamp : Mon Aug 13 2029
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Search : https://www.google.com/search?q=klbackupflt.sys
- ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
- Timestamp : ***** Invalid (946E4501)
- Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
- Image name: kldisk.sys
- Search : https://www.google.com/search?q=kldisk.sys
- ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
- Timestamp : ***** Invalid (B1F414C8)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Search : https://www.google.com/search?q=kneps.sys
- ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
- Timestamp : ***** Invalid (E34C73F4)
- ====================== Dump #5: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agile VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernel driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernel Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- cmimcext.sys Kernel Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernel Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- condrv.sys Console Driver (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernel (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- fastfat.SYS Fast FAT File System Driver (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernel-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernel Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- intelppm.sys Processor Device Driver (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
- kd.dll Local Kernel Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernel CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernel Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) (Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- parport.sys Parallel Port Driver (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- serenum.sys Serial Port Enumerator (Microsoft)
- serial.sys Serial Device Driver
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- UEFI.sys UEFI NT driver (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- winquic.sys QUIC Transport Protocol driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #5: UNLOADED MODULES =======================
- fffff807`77450000 fffff807`77489000 klids.sys
- fffff807`76740000 fffff807`7674f000 dump_storpor
- fffff807`76780000 fffff807`767af000 dump_storahc
- fffff807`767d0000 fffff807`767ee000 dump_dumpfve
- fffff807`6b140000 fffff807`6b14b000 klpnpflt.sys
- fffff807`6b0d0000 fffff807`6b0db000 klpnpflt.sys
- fffff807`79b00000 fffff807`79b0b000 klpnpflt.sys
- fffff807`774f0000 fffff807`7750e000 dam.sys
- fffff807`6f9b0000 fffff807`6f9be000 klelam.sys
- fffff807`709e0000 fffff807`709f0000 hwpolicy.sys
- ====================== Dump #5: BIOS INFORMATION =======================
- sysinfo: could not find necessary interfaces.
- sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
- ========================== Dump #5: Extra #1 ===========================
- 0: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #5: Extra #2 ===========================
- 0: kd> !thread
- THREAD ffffd788896c0080 Cid 0df8.216c Teb: 00000055dee5e000 Win32Thread: 0000000000000000 RUNNING on processor 0
- Impersonation token: ffff808985cbb770 (Level Identification)
- GetUlongFromAddress: unable to read from fffff8076ce2ca14
- Owning Process ffffd788893870c0 Image: System Process
- Attached Process ffffd78888b56040 Image: MemCompression
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 25711
- Context Switch Count 1006 IdealProcessor: 3
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff8b76d3d60
- Stack Init ffffd28445e7fb90 Current ffffd28445e7e260
- Base ffffd28445e80000 Limit ffffd28445e79000 Call 0000000000000000
- Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- ffffd284`45e7e518 fffff807`6cc63d96 : 00000000`0000001a 00000000`0000003f 00000000`00007680 00000000`00007680 : nt!KeBugCheckEx
- ffffd284`45e7e520 fffff807`6ca8df32 : ffffd788`839fe980 ffffffff`ffffffff 00000000`00000000 ffffd788`839fea70 : nt!MiValidatePagefilePageHash+0x10176a
- ffffd284`45e7e600 fffff807`6ca8d47d : 00000000`00000002 ffffd284`00000000 ffffd284`45e7e7b8 fffff807`00000000 : nt!MiWaitForInPageComplete+0x472
- ffffd284`45e7e710 fffff807`6ca72f9b : 00000000`c0033333 00000000`00000000 0000019d`1458eb20 fffff807`6cafb446 : nt!MiIssueHardFault+0x1ad
- ffffd284`45e7e810 fffff807`6cbcf320 : fffff807`6ce6a480 ffffd788`893870c0 ffffd284`45e7edd8 fffff300`00000000 : nt!MmAccessFault+0x40b
- ffffd284`45e7e9b0 fffff807`6cb5e150 : ffff9200`12ff1000 ffffd788`88b54050 fffff807`6ca5cfc0 ffff9200`12ff1000 : nt!KiPageFault+0x360 (TrapFrame @ ffffd284`45e7e9b0)
- ffffd284`45e7eb48 fffff807`6ca5cfc0 : ffff9200`12ff1000 ffff9200`12ff1000 00000000`00000002 0000019d`1458eb20 : nt!RtlDecompressBufferXpressLz+0x50
- ffffd284`45e7eb60 fffff807`6cb5fed9 : 00000000`00000000 0a000000`00000003 00000000`00000000 ffffd788`88b55788 : nt!RtlDecompressBufferEx+0x60
- ffffd284`45e7ebb0 fffff807`6cb5fd64 : 00000000`00000004 ffffd284`45e7edc0 00000000`00000000 00000000`00000015 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
- ffffd284`45e7ec90 fffff807`6cb5fbe2 : 00000000`00000001 00000000`0001eb20 ffffd788`0001eb20 ffffd788`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
- ffffd284`45e7ece0 fffff807`6cb5fa0b : ffffd788`ffffffff ffffd788`8b060000 ffffd284`45e7edc0 ffffd788`8c4eba90 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
- ffffd284`45e7ed80 fffff807`6cb5f851 : ffffd788`8b060000 00000000`00000000 00000000`00000003 ffffd788`88b55788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
- ffffd284`45e7ee30 fffff807`6cb5f761 : ffffd788`88b54000 ffffd788`8c4eba90 ffffd788`8b060000 ffffd788`88b559b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
- ffffd284`45e7eeb0 fffff807`6ca69e18 : ffffd788`896c0080 ffffd788`88b54000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
- ffffd284`45e7eee0 fffff807`6cb62cc1 : fffff807`6cb5f740 ffffd284`45e7ef90 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
- ffffd284`45e7ef50 fffff807`6cb4b941 : ffffd284`45e7f050 fffff807`6cf8db78 ffffd788`88b54000 ffffd284`45e7f1a0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
- ffffd284`45e7f020 fffff807`6cb4b527 : 00000000`0000000c ffffd788`88b54000 ffffd284`45e7f0d0 ffffd788`8c4eba90 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
- ffffd284`45e7f070 fffff807`6cb61fd3 : 00000000`0000000c ffffd788`8c4eba90 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
- ffffd284`45e7f100 fffff807`6cb636af : ffffd788`00000001 ffffd788`860ac800 00000000`00000000 ffffd788`88b54000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
- ffffd284`45e7f170 fffff807`6ca8e05b : fffff807`6ce68d00 00000000`00000001 fffff807`6ce68dc0 fffff807`6ca74ee6 : nt!SmPageRead+0x33
- ffffd284`45e7f1c0 fffff807`6ca8d759 : 00000000`00000002 ffffd284`45e7f250 ffffd284`45e7f3b8 fffff379`a0226070 : nt!MiIssueHardFaultIo+0x117
- ffffd284`45e7f210 fffff807`6ca72f9b : 00000000`c0033333 00000000`00000000 ffff8089`81d9ddd0 ffff8089`81d9ddd0 : nt!MiIssueHardFault+0x489
- ffffd284`45e7f2c0 fffff807`6cbcf320 : ffffd284`45e7f7f0 ffffd284`45e7f560 ffff8089`848fe2d0 ffffd284`00000000 : nt!MmAccessFault+0x40b
- ffffd284`45e7f460 fffff807`6cfcb230 : f99e029c`17e6150b ffff8089`00000000 ffffd284`00000001 fffff807`6cf8f4b0 : nt!KiPageFault+0x360 (TrapFrame @ ffffd284`45e7f460)
- ffffd284`45e7f5f0 fffff807`6cfca64e : ffffd284`000000bc ffffd284`45e7f6a8 ffffd788`00000010 00000000`000000bc : nt!ObLogSecurityDescriptor+0xa0
- ffffd284`45e7f670 fffff807`6cfcb034 : 00000000`00000000 ffffd284`45e7f7f0 ffff8089`7ea210a0 00000000`00000000 : nt!ObSetSecurityDescriptorInfo+0x8e
- ffffd284`45e7f6e0 fffff807`6cfcc299 : 00000000`00000008 00000000`00000000 ffff8089`7a409350 fffff807`6cfdf847 : nt!SeDefaultObjectMethod+0x104
- ffffd284`45e7f740 fffff807`6cfca969 : ffff8089`7ea210a0 ffff8089`00000004 00000000`00000002 ffff8089`7ea210d0 : nt!ObSetSecurityObjectByPointer+0x89
- ffffd284`45e7f7a0 fffff807`6cfdafd1 : 00000000`00000000 00000000`00000000 ffffd284`45e7f900 00000000`00000000 : nt!SepAppendAceToTokenObjectAcl+0x229
- ffffd284`45e7f870 fffff807`6cfdb1db : ffff8089`85cbb770 00000000`00000002 00000000`00000000 00000000`00000001 : nt!SepAppendAdminAceToTokenAcl+0x15
- ffffd284`45e7f8a0 fffff807`6cbd2b15 : ffffd788`896c0080 00000055`df97d008 00000055`df97d028 00000000`00000000 : nt!NtDuplicateToken+0x1db
- ffffd284`45e7f990 00007ff8`b773c904 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ ffffd284`45e7fa00)
- 00000055`df97cfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`b773c904