API tools faq
paste
Guest User

Untitled

a guest
Aug 3rd, 2020
68
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 195.71 KB | None | 0 0
raw download clone embed print report
  1. ========================== AUTO DUMP ANALYZER ==========================
  2. Auto Dump Analyzer
  3. Version: 0.91
  4. Time to analyze file(s): 00 hours and 04 minutes and 30 seconds
  5.  
  6. ================================= CPU ==================================
  7. COUNT: 4
  8. MHZ: 3912
  9. VENDOR: GenuineIntel
  10. FAMILY: 6
  11. MODEL: 9e
  12. STEPPING: 9
  13.  
  14. ================================== OS ==================================
  15. Product: WinNt, suite: TerminalServer SingleUserTS
  16. Built by: 18362.1.amd64fre.19h1_release.190318-1202
  17. BUILD_VERSION: 10.0.18362.418 (WinBuild.160101.0800)
  18. BUILD: 18362
  19. SERVICEPACK: 418
  20. PLATFORM_TYPE: x64
  21. NAME: Windows 10
  22. EDITION: Windows 10 WinNt TerminalServer SingleUserTS
  23. BUILD_TIMESTAMP: unknown_date
  24. BUILDDATESTAMP: 160101.0800
  25. BUILDLAB: WinBuild
  26. BUILDOSVER: 10.0.18362.418
  27.  
  28. =============================== DEBUGGER ===============================
  29. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  30. Copyright (c) Microsoft Corporation. All rights reserved.
  31.  
  32. =============================== COMMENTS ===============================
  33. * Information gathered from different dump files may be different. If
  34. Windows updates between two dump files, two or more OS versions may
  35. be shown above.
  36. * Additional BIOS information was not included in the dump file(s). This
  37. can be caused by an outdated BIOS.
  38.  
  39. ========================================================================
  40. ======================= Dump #1: ANALYZE VERBOSE =======================
  41. ====================== File: 080320-53171-01.dmp =======================
  42. ========================================================================
  43.  
  44. Mini Kernel Dump File: Only registers and stack trace are available
  45. Windows 10 Kernel Version 18362 MP (4 procs) Free x64
  46. Kernel base = 0xfffff806`62e00000 PsLoadedModuleList = 0xfffff806`63248210
  47. Debug session time: Mon Aug 3 01:38:35.516 2020 (UTC - 4:00)
  48. System Uptime: 0 days 0:09:03.189
  49.  
  50. BugCheck 1A, {3f, f3fe, f3fe, 74092595}
  51. *** WARNING: Unable to verify timestamp for win32k.sys
  52. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  53. Probably caused by : memory_corruption
  54. Followup: memory_corruption
  55. *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
  56.  
  57. MEMORY_MANAGEMENT (1a)
  58. # Any other values for parameter 1 must be individually examined.
  59.  
  60. Arguments:
  61. Arg1: 000000000000003f, The subtype of the bugcheck.
  62. Arg2: 000000000000f3fe
  63. Arg3: 000000000000f3fe
  64. Arg4: 0000000074092595
  65.  
  66. Debugging Details:
  67. DUMP_CLASS: 1
  68. DUMP_QUALIFIER: 400
  69. DUMP_TYPE: 2
  70. ADDITIONAL_DEBUG_TEXT: Memory Manager detected corruption of a pagefile page while performing an in-page operation.
  71. The data read from storage does not match the original data written.
  72. This indicates the data was corrupted by the storage stack, or device hardware.
  73. BUGCHECK_STR: 0x1a_3f
  74. CUSTOMER_CRASH_COUNT: 1
  75. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  76.  
  77. PROCESS_NAME: MemCompression
  78.  
  79. CURRENT_IRQL: 2
  80. PAGE_HASH_ERRORS_DETECTED: 1
  81. TRAP_FRAME: fffffe056b8bf290 -- (.trap 0xfffffe056b8bf290)
  82. NOTE: The trap frame does not contain all registers.
  83. Some register values may be zeroed or incorrect.
  84. rax=ffffa28bc0d99078 rbx=0000000000000000 rcx=ffffa28bbc7de080
  85. rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
  86. rip=fffff8066699f950 rsp=fffffe056b8bf428 rbp=fffffe056b8bf4f9
  87. r8=0000000000000000 r9=0000000000000004 r10=0000000000000008
  88. r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  89. r14=0000000000000000 r15=0000000000000000
  90. iopl=0 nv up ei pl zr na po nc
  91. ndis!NdisSetThreadObjectCompartmentId:
  92. fffff806`6699f950 89542410 mov dword ptr [rsp+10h],edx ss:0018:fffffe05`6b8bf438=c0d99078
  93. Resetting default scope
  94. LAST_CONTROL_TRANSFER: from fffff80663063d96 to fffff80662fc1220
  95. STACK_TEXT:
  96. fffffe05`6b8be348 fffff806`63063d96 : 00000000`0000001a 00000000`0000003f 00000000`0000f3fe 00000000`0000f3fe : nt!KeBugCheckEx
  97. fffffe05`6b8be350 fffff806`62e8df32 : ffffa28b`c08bf800 ffffffff`ffffffff 00000000`00000000 ffffa28b`c08bf8f0 : nt!MiValidatePagefilePageHash+0x10176a
  98. fffffe05`6b8be430 fffff806`62e8d47d : 00000000`00000002 fffffe05`00000000 fffffe05`6b8be5e8 fffff806`00000000 : nt!MiWaitForInPageComplete+0x472
  99. fffffe05`6b8be540 fffff806`62e72f9b : 00000000`c0033333 00000000`00000000 000001a7`6b80f770 00000000`00000001 : nt!MiIssueHardFault+0x1ad
  100. fffffe05`6b8be640 fffff806`62fcf320 : fffffe05`6b8be9c0 fffff806`62eb39e4 fffffe05`6b8bec08 ffff8901`9d2c0180 : nt!MmAccessFault+0x40b
  101. fffffe05`6b8be7e0 fffff806`62f5e150 : ffff8901`9e9a2000 ffffa28b`baeec050 fffff806`62e5cfc0 ffff8901`9e9a2000 : nt!KiPageFault+0x360
  102. fffffe05`6b8be978 fffff806`62e5cfc0 : ffff8901`9e9a2000 ffff8901`9e9a2000 00000000`00000002 000001a7`6b80f770 : nt!RtlDecompressBufferXpressLz+0x50
  103. fffffe05`6b8be990 fffff806`62f5fed9 : 00000000`00000000 00002000`00000001 00000000`00000000 ffffa28b`baeed788 : nt!RtlDecompressBufferEx+0x60
  104. fffffe05`6b8be9e0 fffff806`62f5fd64 : 00000000`00000004 fffffe05`6b8bebf0 00000000`00000000 00000000`0000004d : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
  105. fffffe05`6b8beac0 fffff806`62f5fbe2 : 00000000`00000001 00000000`0000f770 ffffa28b`0000f770 ffffa28b`0000d000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  106. fffffe05`6b8beb10 fffff806`62f5fa0b : 00000000`ffffffff ffffa28b`c0963000 fffffe05`6b8bebf0 ffffa28b`babe5d90 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  107. fffffe05`6b8bebb0 fffff806`62f5f851 : ffffa28b`c0963000 00000000`00000000 00000000`00000001 ffffa28b`baeed788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  108. fffffe05`6b8bec60 fffff806`62f5f761 : ffffa28b`baeec000 ffffa28b`babe5d90 ffffa28b`c0963000 ffffa28b`baeed9b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  109. fffffe05`6b8bece0 fffff806`62e69e18 : ffffa28b`bc7de080 ffffa28b`baeec000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  110. fffffe05`6b8bed10 fffff806`62f62cc1 : fffff806`62f5f740 fffffe05`6b8bedc0 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  111. fffffe05`6b8bed80 fffff806`62f4b941 : fffffe05`6b8bee80 fffff806`62edfec7 ffffa28b`baeec000 fffffe05`6b8befd0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  112. fffffe05`6b8bee50 fffff806`62f4b527 : 00000000`0000000c ffffa28b`baeec000 fffffe05`6b8bef00 ffffa28b`babe5d90 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  113. fffffe05`6b8beea0 fffff806`62f61fd3 : 00000000`0000000c ffffa28b`babe5d90 00000000`0000000d 00000000`0000000d : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  114. fffffe05`6b8bef30 fffff806`62f636af : ffffa28b`0000000d ffffa28b`b8fc4e70 00000000`00000000 ffffa28b`baeec000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  115. fffffe05`6b8befa0 fffff806`62e8e05b : fffff806`63268bc0 00000000`00000001 fffff806`63268c80 fffff806`62e74ee6 : nt!SmPageRead+0x33
  116. fffffe05`6b8beff0 fffff806`62e8d759 : 00000000`00000002 fffffe05`6b8bf080 fffffe05`6b8bf1e8 ffffb95c`be0199a0 : nt!MiIssueHardFaultIo+0x117
  117. fffffe05`6b8bf040 fffff806`62e72f9b : 00000000`c0033333 00000000`00000000 fffff806`6699f950 fffff806`6699f950 : nt!MiIssueHardFault+0x489
  118. fffffe05`6b8bf0f0 fffff806`62fcf320 : 00000000`0002001f 00000000`00000000 00000000`00000000 00000000`0002001f : nt!MmAccessFault+0x40b
  119. fffffe05`6b8bf290 fffff806`6699f950 : fffff806`668aa69c 00000000`00000000 ffffa28b`c0d99078 00000000`00000004 : nt!KiPageFault+0x360
  120. fffffe05`6b8bf428 fffff806`668aa69c : 00000000`00000000 ffffa28b`c0d99078 00000000`00000004 00000000`00000000 : ndis!NdisSetThreadObjectCompartmentId
  121. fffffe05`6b8bf430 fffff806`6652e57d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisNsiSetThreadInformation+0x4c
  122. fffffe05`6b8bf460 fffff806`6d8f1ba5 : 00000000`00000000 00000000`00000001 ffffa28b`c0d99010 000000ef`17cef780 : NETIO!NsiSetParameterEx+0x14d
  123. fffffe05`6b8bf560 fffff806`6d8f27b6 : 00000000`00000000 ffffa28b`bf9a0440 ffffa28b`bf9a0370 00000000`00000004 : nsiproxy!NsippSetParameter+0x195
  124. fffffe05`6b8bf6d0 fffff806`62e31f39 : 00000000`00000002 00000000`00000000 ffffa28b`bc9bc160 ffffa28b`ba9599f0 : nsiproxy!NsippDispatch+0x196
  125. fffffe05`6b8bf720 fffff806`633e93f5 : ffffa28b`bf9a0370 00000000`00000000 00000000`00000000 ffffa28b`bc9bc160 : nt!IofCallDriver+0x59
  126. fffffe05`6b8bf760 fffff806`633e9200 : 00000000`00000000 00000000`00040800 ffffa28b`bc9bc160 fffffe05`6b8bfa80 : nt!IopSynchronousServiceTail+0x1a5
  127. fffffe05`6b8bf800 fffff806`633e85d6 : 000000ef`17cef610 00000000`0000016c 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc10
  128. fffffe05`6b8bf920 fffff806`62fd2b15 : ffffa28b`bc7de080 000000ef`17cef5f8 fffffe05`6b8bf9a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
  129. fffffe05`6b8bf990 00007ffe`eaa5c1a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
  130. 000000ef`17cef688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`eaa5c1a4
  131. STACK_COMMAND: kb
  132. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  133. fffff80662e73034-fffff80662e73038 5 bytes - nt!MmAccessFault+4a4
  134. [ df be 7d fb f6:2f 57 ae 5c b9 ]
  135. fffff80662e8d4dc-fffff80662e8d4dd 2 bytes - nt!MiIssueHardFault+20c (+0x1a4a8)
  136. [ 80 f6:00 b9 ]
  137. fffff80662edff6c - nt!MiReplaceNumaStandbyPage+60 (+0x52a90)
  138. [ fa:99 ]
  139. fffff80662f63797-fffff80662f63798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0x8382b)
  140. [ 48 ff:4c 8b ]
  141. fffff80662f6379e-fffff80662f637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
  142. [ 0f 1f 44 00:e8 1d 40 95 ]
  143. 14 errors : !nt (fffff80662e73034-fffff80662f637a1)
  144. MODULE_NAME: memory_corruption
  145.  
  146. IMAGE_NAME: memory_corruption
  147.  
  148. FOLLOWUP_NAME: memory_corruption
  149. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  150. MEMORY_CORRUPTOR: LARGE
  151. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  152. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  153. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  154. TARGET_TIME: 2020-08-03T05:38:35.000Z
  155. SUITE_MASK: 272
  156. PRODUCT_TYPE: 1
  157. USER_LCID: 0
  158. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  159. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  160. Followup: memory_corruption
  161. *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
  162.  
  163. ====================== Dump #1: 3RD PARTY DRIVERS ======================
  164.  
  165. Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
  166. May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  167. Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
  168. Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
  169. May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  170. Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  171. Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  172. Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
  173. Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
  174. Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
  175. Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
  176. Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  177. Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
  178. Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
  179. Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  180. Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
  181. Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  182. Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  183. Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  184. Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
  185. May 19 2020 - igdkmd64.sys - Intel HD graphics driver
  186. May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  187. Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  188. Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
  189. Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
  190. Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  191. Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
  192. Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
  193. ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
  194. ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
  195. ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
  196.  
  197. ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
  198.  
  199. Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
  200. Image name: klmouflt.sys
  201. Search : https://www.google.com/search?q=klmouflt.sys
  202. ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
  203. Timestamp : Fri Sep 12 1975
  204.  
  205. Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
  206. Image name: klwtp.sys
  207. Search : https://www.google.com/search?q=klwtp.sys
  208. ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  209. Timestamp : Sat May 5 2007
  210.  
  211. Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
  212. Image name: klbackupdisk.sys
  213. Search : https://www.google.com/search?q=klbackupdisk.sys
  214. ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
  215. Timestamp : Sun Apr 13 2008
  216.  
  217. Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
  218. Image name: AsUpIO.sys
  219. Search : https://www.google.com/search?q=AsUpIO.sys
  220. ADA Info : ASUS Update Input Output driver http://www.asus.com/
  221. Timestamp : Mon Aug 2 2010
  222.  
  223. Image path: \SystemRoot\System32\drivers\ScpVBus.sys
  224. Image name: ScpVBus.sys
  225. Search : https://www.google.com/search?q=ScpVBus.sys
  226. ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  227. Timestamp : Sun May 5 2013
  228.  
  229. Image path: \SystemRoot\system32\DRIVERS\klim6.sys
  230. Image name: klim6.sys
  231. Search : https://www.google.com/search?q=klim6.sys
  232. ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  233. Timestamp : Wed Jan 7 2015
  234.  
  235. Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
  236. Image name: SCDEmu.SYS
  237. Search : https://www.google.com/search?q=SCDEmu.SYS
  238. ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  239. Timestamp : Tue Jun 6 2017
  240.  
  241. Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
  242. Image name: YSDrv.sys
  243. Search : https://www.google.com/search?q=YSDrv.sys
  244. ADA Info : VirtualBox Support driver
  245. Timestamp : Wed Oct 11 2017
  246.  
  247. Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
  248. Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  249. Image name: TeeDriverW8x64.sys
  250. Search : https://www.google.com/search?q=TeeDriverW8x64.sys
  251. ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
  252. Timestamp : Sun Nov 19 2017
  253. File version: 11.7.0.1057
  254. Product version: 11.7.0.1057
  255. File flags: 8 (Mask 3F) Private
  256. File OS: 40004 NT Win32
  257. File type: 3.7 Driver
  258. File date: 00000000.00000000
  259. CompanyName: Intel Corporation
  260. ProductName: Intel(R) Management Engine Interface
  261. InternalName: TeeDriverx64.sys
  262. OriginalFilename: TeeDriverx64.sys
  263. ProductVersion: 11.7.0.1057
  264. FileVersion: 11.7.0.1057
  265. FileDescription: Intel(R) Management Engine Interface
  266. LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
  267.  
  268. Image path: \SystemRoot\System32\drivers\kltap.sys
  269. Image name: kltap.sys
  270. Search : https://www.google.com/search?q=kltap.sys
  271. ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
  272. Timestamp : Fri Mar 16 2018
  273.  
  274. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  275. Image name: RTKVHD64.sys
  276. Search : https://www.google.com/search?q=RTKVHD64.sys
  277. ADA Info : Realtek Audio System driver https://www.realtek.com/en/
  278. Timestamp : Tue Nov 13 2018
  279.  
  280. Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
  281. Image name: klupd_klif_kimul.sys
  282. Search : https://www.google.com/search?q=klupd_klif_kimul.sys
  283. ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  284. Timestamp : Tue Jan 22 2019
  285.  
  286. Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
  287. Image name: cm_km.sys
  288. Search : https://www.google.com/search?q=cm_km.sys
  289. ADA Info : Kaspersky Cryptographic Module Driver
  290. Timestamp : Fri Feb 15 2019
  291.  
  292. Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
  293. Image name: klwfp.sys
  294. Search : https://www.google.com/search?q=klwfp.sys
  295. ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
  296. Timestamp : Tue Feb 26 2019
  297.  
  298. Image path: \SystemRoot\system32\drivers\womic.sys
  299. Image name: womic.sys
  300. Search : https://www.google.com/search?q=womic.sys
  301. ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  302. Timestamp : Wed Jul 3 2019
  303.  
  304. Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
  305. Image name: IntcDAud.sys
  306. Search : https://www.google.com/search?q=IntcDAud.sys
  307. ADA Info : Intel Display Audio Driver http://www.intel.com/
  308. Timestamp : Tue Feb 25 2020
  309.  
  310. Image path: \SystemRoot\system32\DRIVERS\klif.sys
  311. Image name: klif.sys
  312. Search : https://www.google.com/search?q=klif.sys
  313. ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  314. Timestamp : Fri Mar 13 2020
  315.  
  316. Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
  317. Image name: klupd_klif_mark.sys
  318. Search : https://www.google.com/search?q=klupd_klif_mark.sys
  319. ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  320. Timestamp : Fri Mar 20 2020
  321.  
  322. Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
  323. Image name: klupd_klif_arkmon.sys
  324. Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
  325. ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  326. Timestamp : Sun Mar 22 2020
  327.  
  328. Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
  329. Image name: tapprotonvpn.sys
  330. Search : https://www.google.com/search?q=tapprotonvpn.sys
  331. ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
  332. Timestamp : Thu Apr 2 2020
  333.  
  334. Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
  335. Image name: igdkmd64.sys
  336. Search : https://www.google.com/search?q=igdkmd64.sys
  337. ADA Info : Intel HD graphics driver
  338. Timestamp : Tue May 19 2020
  339.  
  340. Image path: \SystemRoot\System32\drivers\rt640x64.sys
  341. Image name: rt640x64.sys
  342. Search : https://www.google.com/search?q=rt640x64.sys
  343. ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  344. Timestamp : Tue May 26 2020
  345.  
  346. Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
  347. Image name: klupd_klif_klbg.sys
  348. Search : https://www.google.com/search?q=klupd_klif_klbg.sys
  349. ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  350. Timestamp : Wed Jun 17 2020
  351.  
  352. Image path: \SystemRoot\system32\DRIVERS\klgse.sys
  353. Image name: klgse.sys
  354. Search : https://www.google.com/search?q=klgse.sys
  355. ADA Info : Kaspersky Security Extender driver
  356. Timestamp : Fri Jun 19 2020
  357.  
  358. Image path: \SystemRoot\system32\DRIVERS\klhk.sys
  359. Image name: klhk.sys
  360. Search : https://www.google.com/search?q=klhk.sys
  361. ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
  362. Timestamp : Fri Jun 19 2020
  363.  
  364. Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
  365. Image name: klkbdflt.sys
  366. Search : https://www.google.com/search?q=klkbdflt.sys
  367. ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  368. Timestamp : Tue Nov 16 2021
  369.  
  370. Image path: \SystemRoot\system32\DRIVERS\klpd.sys
  371. Image name: klpd.sys
  372. Search : https://www.google.com/search?q=klpd.sys
  373. ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
  374. Timestamp : Tue Mar 13 2029
  375.  
  376. Image path: \SystemRoot\system32\DRIVERS\klflt.sys
  377. Image name: klflt.sys
  378. Search : https://www.google.com/search?q=klflt.sys
  379. ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
  380. Timestamp : Mon Aug 13 2029
  381.  
  382. Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
  383. Image name: klbackupflt.sys
  384. Search : https://www.google.com/search?q=klbackupflt.sys
  385. ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
  386. Timestamp : ***** Invalid (946E4501)
  387.  
  388. Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
  389. Image name: kldisk.sys
  390. Search : https://www.google.com/search?q=kldisk.sys
  391. ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
  392. Timestamp : ***** Invalid (B1F414C8)
  393.  
  394. Image path: \SystemRoot\system32\DRIVERS\kneps.sys
  395. Image name: kneps.sys
  396. Search : https://www.google.com/search?q=kneps.sys
  397. ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
  398. Timestamp : ***** Invalid (E34C73F4)
  399.  
  400. ====================== Dump #1: MICROSOFT DRIVERS ======================
  401.  
  402. ACPI.sys ACPI Driver for NT (Microsoft)
  403. acpiex.sys ACPIEx Driver (Microsoft)
  404. acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
  405. afd.sys Ancillary Function Driver for WinSock (Microsoft)
  406. afunix.sys AF_UNIX Socket Provider driver (Microsoft)
  407. AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
  408. ahcache.sys Application Compatibility Cache (Microsoft)
  409. bam.sys BAM Kernal driver (Microsoft)
  410. BasicDisplay.sys Basic Display driver (Microsoft)
  411. BasicRender.sys Basic Render driver (Microsoft)
  412. Beep.SYS BEEP driver (Microsoft)
  413. BOOTVID.dll VGA Boot Driver (Microsoft)
  414. bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
  415. cdd.dll Canonical Display Driver (Microsoft)
  416. cdrom.sys SCSI CD-ROM Driver (Microsoft)
  417. CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
  418. CI.dll Code Integrity Module (Microsoft)
  419. CLASSPNP.SYS SCSI Class System Dll (Microsoft)
  420. cldflt.sys Cloud Files Mini Filter driver (Microsoft)
  421. CLFS.SYS Common Log File System Driver (Microsoft)
  422. clipsp.sys CLIP Service (Microsoft)
  423. cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
  424. cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
  425. CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
  426. condrv.sys Console Driver (Microsoft)
  427. crashdmp.sys Crash Dump driver (Microsoft)
  428. csc.sys Windows Client Side Caching driver (Microsoft)
  429. dfsc.sys DFS Namespace Client Driver (Microsoft)
  430. disk.sys PnP Disk Driver (Microsoft)
  431. drmk.sys Digital Rights Management (DRM) driver (Microsoft)
  432. dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  433. dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  434. dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  435. dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
  436. dxgmms2.sys DirectX Graphics MMS
  437. EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
  438. fastfat.SYS Fast FAT File System Driver (Microsoft)
  439. filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
  440. fileinfo.sys FileInfo Filter Driver (Microsoft)
  441. FLTMGR.SYS Filesystem Filter Manager (Microsoft)
  442. Fs_Rec.sys File System Recognizer Driver (Microsoft)
  443. fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
  444. fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
  445. gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
  446. hal.dll Hardware Abstraction Layer DLL (Microsoft)
  447. HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
  448. HIDCLASS.SYS Hid Class Library (Microsoft)
  449. HIDPARSE.SYS Hid Parsing Library (Microsoft)
  450. hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
  451. HTTP.sys HTTP Protocol Stack (Microsoft)
  452. intelpep.sys Intel Power Engine Plugin (Microsoft)
  453. intelppm.sys Processor Device Driver (Microsoft)
  454. iorate.sys I/O rate control Filter (Microsoft)
  455. kbdclass.sys Keyboard Class Driver (Microsoft)
  456. kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
  457. kd.dll Local Kernal Debugger (Microsoft)
  458. kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
  459. ks.sys Kernal CSA Library (Microsoft)
  460. ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
  461. ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
  462. ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
  463. lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
  464. luafv.sys LUA File Virtualization Filter Driver (Microsoft)
  465. mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
  466. mmcss.sys MMCSS Driver (Microsoft)
  467. monitor.sys Monitor Driver (Microsoft)
  468. mouclass.sys Mouse Class Driver (Microsoft)
  469. mouhid.sys HID Mouse Filter Driver (Microsoft)
  470. mountmgr.sys Mount Point Manager (Microsoft)
  471. mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
  472. mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
  473. mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
  474. Msfs.SYS Mailslot driver (Microsoft)
  475. msisadrv.sys ISA Driver (Microsoft)
  476. mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
  477. msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
  478. mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
  479. mssmbios.sys System Management BIOS driver (Microsoft)
  480. mup.sys Multiple UNC Provider driver (Microsoft)
  481. ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
  482. ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
  483. ndisuio.sys NDIS User mode I/O driver (Microsoft)
  484. NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
  485. ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
  486. NDProxy.sys NDIS Proxy driver (Microsoft)
  487. Ndu.sys Network Data Usage Monitoring driver (Microsoft)
  488. netbios.sys NetBIOS Interface driver (Microsoft)
  489. netbt.sys MBT Transport driver (Microsoft)
  490. NETIO.SYS Network I/O Subsystem (Microsoft)
  491. Npfs.SYS NPFS driver (Microsoft)
  492. npsvctrig.sys Named pipe service triggers (Microsoft)
  493. nsiproxy.sys NSI Proxy driver (Microsoft)
  494. Ntfs.sys NT File System Driver (Microsoft)
  495. ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
  496. ntosext.sys NTOS Extension Host driver (Microsoft)
  497. Null.SYS NULL Driver (Microsoft)
  498. nwifi.sys NativeWiFi Miniport Driver (Microsoft)
  499. pacer.sys QoS Packet Scheduler (Microsoft)
  500. parport.sys Parallel Port Driver (Microsoft)
  501. partmgr.sys Partition driver (Microsoft)
  502. pci.sys NT Plug and Play PCI Enumerator (Microsoft)
  503. pcw.sys Performance Counter Driver (Microsoft)
  504. pdc.sys Power Dependency Coordinator Driver (Microsoft)
  505. peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
  506. portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
  507. PSHED.dll Platform Specific Hardware Error driver (Microsoft)
  508. rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
  509. raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
  510. raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
  511. rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
  512. rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
  513. rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
  514. rdyboost.sys ReadyBoost Driver (Microsoft)
  515. rspndr.sys Link-Layer Topology Responder driver (Microsoft)
  516. serenum.sys Serial Port Enumerator (Microsoft)
  517. serial.sys Serial Device Driver
  518. SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
  519. SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
  520. spaceport.sys Storage Spaces driver (Microsoft)
  521. srv2.sys Smb 2.0 Server driver (Microsoft)
  522. srvnet.sys Server Network driver (Microsoft)
  523. storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
  524. storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
  525. storqosflt.sys Storage QoS Filter driver (Microsoft)
  526. swenum.sys Plug and Play Software Device Enumerator (Microsoft)
  527. tbs.sys Export driver for kernel mode TPM API (Microsoft)
  528. tcpip.sys TCP/IP Protocol driver (Microsoft)
  529. tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
  530. TDI.SYS TDI Wrapper driver (Microsoft)
  531. tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
  532. tm.sys Kernel Transaction Manager driver (Microsoft)
  533. ucx01000.sys USB Controller Extension (Microsoft)
  534. UEFI.sys UEFI NT driver (Microsoft)
  535. umbus.sys User-Mode Bus Enumerator (Microsoft)
  536. usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
  537. USBD.SYS Universal Serial Bus Driver (Microsoft)
  538. UsbHub3.sys USB3 HUB driver (Microsoft)
  539. USBXHCI.SYS USB XHCI driver (Microsoft)
  540. vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
  541. Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
  542. volmgr.sys Volume Manager Driver (Microsoft)
  543. volmgrx.sys Volume Manager Extension Driver (Microsoft)
  544. volsnap.sys Volume Shadow Copy driver (Microsoft)
  545. volume.sys Volume driver (Microsoft)
  546. vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
  547. wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
  548. watchdog.sys Watchdog driver (Microsoft)
  549. wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
  550. Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
  551. WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
  552. WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
  553. WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
  554. werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
  555. wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
  556. win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
  557. win32kbase.sys Base Win32k Kernel Driver (Microsoft)
  558. win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
  559. WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
  560. WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
  561. winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
  562. winquic.sys QUIC Transport Protocol driver (Microsoft)
  563. wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
  564. WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
  565. Wof.sys Windows Overlay Filter (Microsoft)
  566. WppRecorder.sys WPP Trace Recorder (Microsoft)
  567.  
  568. ====================== Dump #1: UNLOADED MODULES =======================
  569.  
  570. fffff806`60350000 fffff806`60389000 klids.sys
  571. fffff806`6d980000 fffff806`6d9b9000 klids.sys
  572. fffff806`6cf60000 fffff806`6cf6f000 dump_storpor
  573. fffff806`6cfa0000 fffff806`6cfcf000 dump_storahc
  574. fffff806`6cc00000 fffff806`6cc1e000 dump_dumpfve
  575. fffff806`704a0000 fffff806`704ab000 klpnpflt.sys
  576. fffff806`70430000 fffff806`7043b000 klpnpflt.sys
  577. fffff806`6fd00000 fffff806`6fd0b000 klpnpflt.sys
  578. fffff806`6da20000 fffff806`6da3e000 dam.sys
  579. fffff806`65fb0000 fffff806`65fbe000 klelam.sys
  580. fffff806`66fe0000 fffff806`66ff0000 hwpolicy.sys
  581.  
  582. ====================== Dump #1: BIOS INFORMATION =======================
  583.  
  584. sysinfo: could not find necessary interfaces.
  585. sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
  586.  
  587. ========================== Dump #1: Extra #1 ===========================
  588.  
  589. 0: kd> !verifier
  590. Verify Flags Level 0x00000000
  591. STANDARD FLAGS:
  592. [X] (0x00000000) Automatic Checks
  593. [ ] (0x00000001) Special pool
  594. [ ] (0x00000002) Force IRQL checking
  595. [ ] (0x00000008) Pool tracking
  596. [ ] (0x00000010) I/O verification
  597. [ ] (0x00000020) Deadlock detection
  598. [ ] (0x00000080) DMA checking
  599. [ ] (0x00000100) Security checks
  600. [ ] (0x00000800) Miscellaneous checks
  601. [ ] (0x00020000) DDI compliance checking
  602. ADDITIONAL FLAGS:
  603. [ ] (0x00000004) Randomized low resources simulation
  604. [ ] (0x00000200) Force pending I/O requests
  605. [ ] (0x00000400) IRP logging
  606. [ ] (0x00002000) Invariant MDL checking for stack
  607. [ ] (0x00004000) Invariant MDL checking for driver
  608. [ ] (0x00008000) Power framework delay fuzzing
  609. [ ] (0x00010000) Port/miniport interface checking
  610. [ ] (0x00040000) Systematic low resources simulation
  611. [ ] (0x00080000) DDI compliance checking (additional)
  612. [ ] (0x00200000) NDIS/WIFI verification
  613. [ ] (0x00800000) Kernel synchronization delay fuzzing
  614. [ ] (0x01000000) VM switch verification
  615. [ ] (0x02000000) Code integrity checks
  616. [X] Indicates flag is enabled
  617. Summary of All Verifier Statistics
  618. RaiseIrqls 0x0
  619. AcquireSpinLocks 0x0
  620. Synch Executions 0x0
  621. Trims 0x0
  622. Pool Allocations Attempted 0x0
  623. Pool Allocations Succeeded 0x0
  624. Pool Allocations Succeeded SpecialPool 0x0
  625. Pool Allocations With NO TAG 0x0
  626. Pool Allocations Failed 0x0
  627. Current paged pool allocations 0x0 for 00000000 bytes
  628. Peak paged pool allocations 0x0 for 00000000 bytes
  629. Current nonpaged pool allocations 0x0 for 00000000 bytes
  630. Peak nonpaged pool allocations 0x0 for 00000000 bytes
  631.  
  632. ========================== Dump #1: Extra #2 ===========================
  633.  
  634. 0: kd> !thread
  635. THREAD ffffa28bbc7de080 Cid 2330.13a4 Teb: 000000ef17f96000 Win32Thread: 0000000000000000 RUNNING on processor 0
  636. IRP List:
  637. Unable to read nt!_IRP @ ffffa28bbf9a0370
  638. Not impersonating
  639. GetUlongFromAddress: unable to read from fffff8066322ca14
  640. Owning Process ffffa28bc1d71080 Image: System Process
  641. Attached Process ffffa28bbaeeb080 Image: MemCompression
  642. fffff78000000000: Unable to get shared data
  643. Wait Start TickCount 34763
  644. Context Switch Count 48 IdealProcessor: 2
  645. ReadMemory error: Cannot get nt!KeMaximumIncrement value.
  646. UserTime 00:00:00.000
  647. KernelTime 00:00:00.000
  648. Win32 Start Address 0x00007ff766634eb0
  649. Stack Init fffffe056b8bfb90 Current fffffe056b8be090
  650. Base fffffe056b8c0000 Limit fffffe056b8b9000 Call 0000000000000000
  651. Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
  652. Child-SP RetAddr : Args to Child : Call Site
  653. fffffe05`6b8be348 fffff806`63063d96 : 00000000`0000001a 00000000`0000003f 00000000`0000f3fe 00000000`0000f3fe : nt!KeBugCheckEx
  654. fffffe05`6b8be350 fffff806`62e8df32 : ffffa28b`c08bf800 ffffffff`ffffffff 00000000`00000000 ffffa28b`c08bf8f0 : nt!MiValidatePagefilePageHash+0x10176a
  655. fffffe05`6b8be430 fffff806`62e8d47d : 00000000`00000002 fffffe05`00000000 fffffe05`6b8be5e8 fffff806`00000000 : nt!MiWaitForInPageComplete+0x472
  656. fffffe05`6b8be540 fffff806`62e72f9b : 00000000`c0033333 00000000`00000000 000001a7`6b80f770 00000000`00000001 : nt!MiIssueHardFault+0x1ad
  657. fffffe05`6b8be640 fffff806`62fcf320 : fffffe05`6b8be9c0 fffff806`62eb39e4 fffffe05`6b8bec08 ffff8901`9d2c0180 : nt!MmAccessFault+0x40b
  658. fffffe05`6b8be7e0 fffff806`62f5e150 : ffff8901`9e9a2000 ffffa28b`baeec050 fffff806`62e5cfc0 ffff8901`9e9a2000 : nt!KiPageFault+0x360 (TrapFrame @ fffffe05`6b8be7e0)
  659. fffffe05`6b8be978 fffff806`62e5cfc0 : ffff8901`9e9a2000 ffff8901`9e9a2000 00000000`00000002 000001a7`6b80f770 : nt!RtlDecompressBufferXpressLz+0x50
  660. fffffe05`6b8be990 fffff806`62f5fed9 : 00000000`00000000 00002000`00000001 00000000`00000000 ffffa28b`baeed788 : nt!RtlDecompressBufferEx+0x60
  661. fffffe05`6b8be9e0 fffff806`62f5fd64 : 00000000`00000004 fffffe05`6b8bebf0 00000000`00000000 00000000`0000004d : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
  662. fffffe05`6b8beac0 fffff806`62f5fbe2 : 00000000`00000001 00000000`0000f770 ffffa28b`0000f770 ffffa28b`0000d000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  663. fffffe05`6b8beb10 fffff806`62f5fa0b : 00000000`ffffffff ffffa28b`c0963000 fffffe05`6b8bebf0 ffffa28b`babe5d90 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  664. fffffe05`6b8bebb0 fffff806`62f5f851 : ffffa28b`c0963000 00000000`00000000 00000000`00000001 ffffa28b`baeed788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  665. fffffe05`6b8bec60 fffff806`62f5f761 : ffffa28b`baeec000 ffffa28b`babe5d90 ffffa28b`c0963000 ffffa28b`baeed9b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  666. fffffe05`6b8bece0 fffff806`62e69e18 : ffffa28b`bc7de080 ffffa28b`baeec000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  667. fffffe05`6b8bed10 fffff806`62f62cc1 : fffff806`62f5f740 fffffe05`6b8bedc0 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  668. fffffe05`6b8bed80 fffff806`62f4b941 : fffffe05`6b8bee80 fffff806`62edfec7 ffffa28b`baeec000 fffffe05`6b8befd0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  669. fffffe05`6b8bee50 fffff806`62f4b527 : 00000000`0000000c ffffa28b`baeec000 fffffe05`6b8bef00 ffffa28b`babe5d90 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  670. fffffe05`6b8beea0 fffff806`62f61fd3 : 00000000`0000000c ffffa28b`babe5d90 00000000`0000000d 00000000`0000000d : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  671. fffffe05`6b8bef30 fffff806`62f636af : ffffa28b`0000000d ffffa28b`b8fc4e70 00000000`00000000 ffffa28b`baeec000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  672. fffffe05`6b8befa0 fffff806`62e8e05b : fffff806`63268bc0 00000000`00000001 fffff806`63268c80 fffff806`62e74ee6 : nt!SmPageRead+0x33
  673. fffffe05`6b8beff0 fffff806`62e8d759 : 00000000`00000002 fffffe05`6b8bf080 fffffe05`6b8bf1e8 ffffb95c`be0199a0 : nt!MiIssueHardFaultIo+0x117
  674. fffffe05`6b8bf040 fffff806`62e72f9b : 00000000`c0033333 00000000`00000000 fffff806`6699f950 fffff806`6699f950 : nt!MiIssueHardFault+0x489
  675. fffffe05`6b8bf0f0 fffff806`62fcf320 : 00000000`0002001f 00000000`00000000 00000000`00000000 00000000`0002001f : nt!MmAccessFault+0x40b
  676. fffffe05`6b8bf290 fffff806`6699f950 : fffff806`668aa69c 00000000`00000000 ffffa28b`c0d99078 00000000`00000004 : nt!KiPageFault+0x360 (TrapFrame @ fffffe05`6b8bf290)
  677. fffffe05`6b8bf428 fffff806`668aa69c : 00000000`00000000 ffffa28b`c0d99078 00000000`00000004 00000000`00000000 : ndis!NdisSetThreadObjectCompartmentId
  678. fffffe05`6b8bf430 fffff806`6652e57d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ndis!ndisNsiSetThreadInformation+0x4c
  679. fffffe05`6b8bf460 fffff806`6d8f1ba5 : 00000000`00000000 00000000`00000001 ffffa28b`c0d99010 000000ef`17cef780 : NETIO!NsiSetParameterEx+0x14d
  680. fffffe05`6b8bf560 fffff806`6d8f27b6 : 00000000`00000000 ffffa28b`bf9a0440 ffffa28b`bf9a0370 00000000`00000004 : nsiproxy!NsippSetParameter+0x195
  681. fffffe05`6b8bf6d0 fffff806`62e31f39 : 00000000`00000002 00000000`00000000 ffffa28b`bc9bc160 ffffa28b`ba9599f0 : nsiproxy!NsippDispatch+0x196
  682. fffffe05`6b8bf720 fffff806`633e93f5 : ffffa28b`bf9a0370 00000000`00000000 00000000`00000000 ffffa28b`bc9bc160 : nt!IofCallDriver+0x59
  683. fffffe05`6b8bf760 fffff806`633e9200 : 00000000`00000000 00000000`00040800 ffffa28b`bc9bc160 fffffe05`6b8bfa80 : nt!IopSynchronousServiceTail+0x1a5
  684. fffffe05`6b8bf800 fffff806`633e85d6 : 000000ef`17cef610 00000000`0000016c 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0xc10
  685. fffffe05`6b8bf920 fffff806`62fd2b15 : ffffa28b`bc7de080 000000ef`17cef5f8 fffffe05`6b8bf9a8 00000000`00000000 : nt!NtDeviceIoControlFile+0x56
  686. fffffe05`6b8bf990 00007ffe`eaa5c1a4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffffe05`6b8bfa00)
  687. 000000ef`17cef688 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`eaa5c1a4
  688.  
  689.  
  690. ========================================================================
  691. ======================= Dump #2: ANALYZE VERBOSE =======================
  692. ====================== File: 080320-52375-01.dmp =======================
  693. ========================================================================
  694.  
  695. Mini Kernel Dump File: Only registers and stack trace are available
  696. Windows 10 Kernel Version 18362 MP (4 procs) Free x64
  697. Kernel base = 0xfffff803`37400000 PsLoadedModuleList = 0xfffff803`37848210
  698. Debug session time: Mon Aug 3 01:16:41.395 2020 (UTC - 4:00)
  699. System Uptime: 1 days 16:15:34.068
  700.  
  701. BugCheck 1A, {3f, 435ee, 433ee, 3c38f34a}
  702. *** WARNING: Unable to verify timestamp for win32k.sys
  703. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  704. Probably caused by : memory_corruption
  705. Followup: memory_corruption
  706. *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
  707.  
  708. MEMORY_MANAGEMENT (1a)
  709. # Any other values for parameter 1 must be individually examined.
  710.  
  711. Arguments:
  712. Arg1: 000000000000003f, The subtype of the bugcheck.
  713. Arg2: 00000000000435ee
  714. Arg3: 00000000000433ee
  715. Arg4: 000000003c38f34a
  716.  
  717. Debugging Details:
  718. DUMP_CLASS: 1
  719. DUMP_QUALIFIER: 400
  720. DUMP_TYPE: 2
  721. ADDITIONAL_DEBUG_TEXT: Memory Manager detected corruption of a pagefile page while performing an in-page operation.
  722. The data read from storage does not match the original data written.
  723. This indicates the data was corrupted by the storage stack, or device hardware.
  724. BUGCHECK_STR: 0x1a_3f
  725. CUSTOMER_CRASH_COUNT: 1
  726. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  727.  
  728. PROCESS_NAME: MemCompression
  729.  
  730. CURRENT_IRQL: 2
  731. PAGE_HASH_ERRORS_DETECTED: 1
  732. TRAP_FRAME: ffff83064d216f50 -- (.trap 0xffff83064d216f50)
  733. NOTE: The trap frame does not contain all registers.
  734. Some register values may be zeroed or incorrect.
  735. rax=fffff8033755e100 rbx=0000000000000000 rcx=ffffd081c86b6000
  736. rdx=ffffd081c86b6000 rsi=0000000000000000 rdi=0000000000000000
  737. rip=fffff8033755e150 rsp=ffff83064d2170e8 rbp=ffffd081c86b6000
  738. r8=00000192059d4a90 r9=000000000000095d r10=ffffd081c86b6ea0
  739. r11=00000192059d53ed r12=0000000000000000 r13=0000000000000000
  740. r14=0000000000000000 r15=0000000000000000
  741. iopl=0 nv up ei pl zr na po nc
  742. nt!RtlDecompressBufferXpressLz+0x50:
  743. fffff803`3755e150 418b08 mov ecx,dword ptr [r8] ds:00000192`059d4a90=????????
  744. Resetting default scope
  745. LAST_CONTROL_TRANSFER: from fffff80337663d96 to fffff803375c1220
  746. STACK_TEXT:
  747. ffff8306`4d216ab8 fffff803`37663d96 : 00000000`0000001a 00000000`0000003f 00000000`000435ee 00000000`000433ee : nt!KeBugCheckEx
  748. ffff8306`4d216ac0 fffff803`3748df32 : ffffe105`90e7ab50 ffffffff`ffffffff 00000000`00000000 ffffe105`90e7ac40 : nt!MiValidatePagefilePageHash+0x10176a
  749. ffff8306`4d216ba0 fffff803`3748d47d : 00000000`00000002 ffff8306`00000000 ffff8306`4d216d58 fffff803`00000000 : nt!MiWaitForInPageComplete+0x472
  750. ffff8306`4d216cb0 fffff803`37472f9b : 00000000`c0033333 00000000`00000000 00000192`059d4a90 00000000`00000000 : nt!MiIssueHardFault+0x1ad
  751. ffff8306`4d216db0 fffff803`375cf320 : 00000000`00000000 ffff8306`4d216fd0 ffff8306`4d217378 00000000`00000000 : nt!MmAccessFault+0x40b
  752. ffff8306`4d216f50 fffff803`3755e150 : ffffd081`c86b6000 ffffe105`89130050 fffff803`3745cfc0 ffffd081`c86b6000 : nt!KiPageFault+0x360
  753. ffff8306`4d2170e8 fffff803`3745cfc0 : ffffd081`c86b6000 ffffd081`c86b6000 00000000`00000002 00000192`059d4a90 : nt!RtlDecompressBufferXpressLz+0x50
  754. ffff8306`4d217100 fffff803`3755fed9 : 00000000`00000000 fffff803`00000001 00000000`00000000 ffffe105`89131788 : nt!RtlDecompressBufferEx+0x60
  755. ffff8306`4d217150 fffff803`3755fd64 : 00000000`00000004 ffff8306`4d217360 00000000`00000000 00000000`00000174 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
  756. ffff8306`4d217230 fffff803`3755fbe2 : 00000000`00000001 00000000`00014a90 ffffe105`00014a90 ffffe105`00008000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  757. ffff8306`4d217280 fffff803`3755fa0b : 00000000`ffffffff ffffe105`9078c000 ffff8306`4d217360 ffffe105`87e30dd0 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  758. ffff8306`4d217320 fffff803`3755f851 : ffffe105`9078c000 00000000`00000000 00000000`00000001 ffffe105`89131788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  759. ffff8306`4d2173d0 fffff803`3755f761 : ffffe105`89130000 ffffe105`87e30dd0 ffffe105`9078c000 ffffe105`891319b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  760. ffff8306`4d217450 fffff803`37469e18 : ffffe105`8ff6e080 ffffe105`89130000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  761. ffff8306`4d217480 fffff803`37562cc1 : fffff803`3755f740 ffff8306`4d217530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  762. ffff8306`4d2174f0 fffff803`3754b941 : ffff8306`4d2175f0 fffff803`3798db78 ffffe105`89130000 ffff8306`4d217740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  763. ffff8306`4d2175c0 fffff803`3754b527 : 00000000`0000000c ffffe105`89130000 ffff8306`4d217670 ffffe105`87e30dd0 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  764. ffff8306`4d217610 fffff803`37561fd3 : 00000000`0000000c ffffe105`87e30dd0 00000000`00000008 00000000`00000008 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  765. ffff8306`4d2176a0 fffff803`375636af : ffffe105`00000008 ffffe105`90c35b00 00000000`00000000 ffffe105`89130000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  766. ffff8306`4d217710 fffff803`3748e05b : ffffe105`921d35c0 00000000`00000001 ffffe105`921d3680 fffff803`37474ee6 : nt!SmPageRead+0x33
  767. ffff8306`4d217760 fffff803`3748d759 : 00000000`00000002 ffff8306`4d2177f0 ffff8306`4d217958 fffffc7e`00000a38 : nt!MiIssueHardFaultIo+0x117
  768. ffff8306`4d2177b0 fffff803`37472f9b : 00000000`c0033333 00000000`00000001 00000000`28fb90cf fffff803`375c842f : nt!MiIssueHardFault+0x489
  769. ffff8306`4d217860 fffff803`375cf320 : 00000000`109f5608 ffff8306`4d217a80 00000000`00a39000 ffff8306`4d217a80 : nt!MmAccessFault+0x40b
  770. ffff8306`4d217a00 00000000`770c662f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
  771. 00000000`16fff178 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770c662f
  772. STACK_COMMAND: kb
  773. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  774. fffff80337472f0b-fffff80337472f0f 5 bytes - nt!MmAccessFault+37b
  775. [ df be 7d fb f6:8f 1f 3f 7e fc ]
  776. fffff80337472f38-fffff80337472f3c 5 bytes - nt!MmAccessFault+3a8 (+0x2d)
  777. [ d7 be 7d fb f6:87 1f 3f 7e fc ]
  778. fffff80337473034-fffff80337473038 5 bytes - nt!MmAccessFault+4a4 (+0xfc)
  779. [ df be 7d fb f6:8f 1f 3f 7e fc ]
  780. fffff8033748d4dc-fffff8033748d4dd 2 bytes - nt!MiIssueHardFault+20c (+0x1a4a8)
  781. [ 80 f6:00 fc ]
  782. fffff803374be233 - nt!MiValidFault+113 (+0x30d57)
  783. [ fa:a2 ]
  784. fffff803374be25a - nt!MiValidFault+13a (+0x27)
  785. [ fa:a2 ]
  786. fffff803374be264-fffff803374be268 5 bytes - nt!MiValidFault+144 (+0x0a)
  787. [ d0 be 7d fb f6:80 1f 3f 7e fc ]
  788. fffff803374be286-fffff803374be28a 5 bytes - nt!MiValidFault+166 (+0x22)
  789. [ d7 be 7d fb f6:87 1f 3f 7e fc ]
  790. fffff80337563797-fffff80337563798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0xa5511)
  791. [ 48 ff:4c 8b ]
  792. fffff8033756379e-fffff803375637a2 5 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
  793. [ 0f 1f 44 00 00:e8 1d b0 df ff ]
  794. fffff803375c82d3-fffff803375c82d4 2 bytes - nt!SwapContext+53 (+0x64b35)
  795. [ 48 ff:4c 8b ]
  796. fffff803375c82da-fffff803375c82de 5 bytes - nt!SwapContext+5a (+0x07)
  797. [ 0f 1f 44 00 00:e8 91 7d d9 ff ]
  798. 43 errors : !nt (fffff80337472f0b-fffff803375c82de)
  799. MODULE_NAME: memory_corruption
  800.  
  801. IMAGE_NAME: memory_corruption
  802.  
  803. FOLLOWUP_NAME: memory_corruption
  804. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  805. MEMORY_CORRUPTOR: LARGE
  806. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  807. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  808. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  809. TARGET_TIME: 2020-08-03T05:16:41.000Z
  810. SUITE_MASK: 272
  811. PRODUCT_TYPE: 1
  812. USER_LCID: 0
  813. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  814. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  815. Followup: memory_corruption
  816. *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
  817.  
  818. ====================== Dump #2: 3RD PARTY DRIVERS ======================
  819.  
  820. Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
  821. May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  822. Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
  823. Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
  824. May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  825. Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  826. Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  827. Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
  828. Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
  829. Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
  830. Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
  831. Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  832. Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
  833. Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
  834. Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  835. Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
  836. Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  837. Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
  838. Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  839. Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  840. Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
  841. May 19 2020 - igdkmd64.sys - Intel HD graphics driver
  842. May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  843. Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  844. Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
  845. Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
  846. Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
  847. Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  848. Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
  849. Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
  850. ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
  851. ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
  852. ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
  853.  
  854. ================== Dump #2: 3RD PARTY DRIVERS (FULL) ===================
  855.  
  856. Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
  857. Image name: klmouflt.sys
  858. Search : https://www.google.com/search?q=klmouflt.sys
  859. ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
  860. Timestamp : Fri Sep 12 1975
  861.  
  862. Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
  863. Image name: klwtp.sys
  864. Search : https://www.google.com/search?q=klwtp.sys
  865. ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  866. Timestamp : Sat May 5 2007
  867.  
  868. Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
  869. Image name: klbackupdisk.sys
  870. Search : https://www.google.com/search?q=klbackupdisk.sys
  871. ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
  872. Timestamp : Sun Apr 13 2008
  873.  
  874. Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
  875. Image name: AsUpIO.sys
  876. Search : https://www.google.com/search?q=AsUpIO.sys
  877. ADA Info : ASUS Update Input Output driver http://www.asus.com/
  878. Timestamp : Mon Aug 2 2010
  879.  
  880. Image path: \SystemRoot\System32\drivers\ScpVBus.sys
  881. Image name: ScpVBus.sys
  882. Search : https://www.google.com/search?q=ScpVBus.sys
  883. ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  884. Timestamp : Sun May 5 2013
  885.  
  886. Image path: \SystemRoot\system32\DRIVERS\klim6.sys
  887. Image name: klim6.sys
  888. Search : https://www.google.com/search?q=klim6.sys
  889. ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  890. Timestamp : Wed Jan 7 2015
  891.  
  892. Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
  893. Image name: SCDEmu.SYS
  894. Search : https://www.google.com/search?q=SCDEmu.SYS
  895. ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  896. Timestamp : Tue Jun 6 2017
  897.  
  898. Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
  899. Image name: YSDrv.sys
  900. Search : https://www.google.com/search?q=YSDrv.sys
  901. ADA Info : VirtualBox Support driver
  902. Timestamp : Wed Oct 11 2017
  903.  
  904. Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
  905. Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  906. Image name: TeeDriverW8x64.sys
  907. Search : https://www.google.com/search?q=TeeDriverW8x64.sys
  908. ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
  909. Timestamp : Sun Nov 19 2017
  910. File version: 11.7.0.1057
  911. Product version: 11.7.0.1057
  912. File flags: 8 (Mask 3F) Private
  913. File OS: 40004 NT Win32
  914. File type: 3.7 Driver
  915. File date: 00000000.00000000
  916. CompanyName: Intel Corporation
  917. ProductName: Intel(R) Management Engine Interface
  918. InternalName: TeeDriverx64.sys
  919. OriginalFilename: TeeDriverx64.sys
  920. ProductVersion: 11.7.0.1057
  921. FileVersion: 11.7.0.1057
  922. FileDescription: Intel(R) Management Engine Interface
  923. LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
  924.  
  925. Image path: \SystemRoot\System32\drivers\kltap.sys
  926. Image name: kltap.sys
  927. Search : https://www.google.com/search?q=kltap.sys
  928. ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
  929. Timestamp : Fri Mar 16 2018
  930.  
  931. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  932. Image name: RTKVHD64.sys
  933. Search : https://www.google.com/search?q=RTKVHD64.sys
  934. ADA Info : Realtek Audio System driver https://www.realtek.com/en/
  935. Timestamp : Tue Nov 13 2018
  936.  
  937. Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
  938. Image name: klupd_klif_kimul.sys
  939. Search : https://www.google.com/search?q=klupd_klif_kimul.sys
  940. ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  941. Timestamp : Tue Jan 22 2019
  942.  
  943. Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
  944. Image name: cm_km.sys
  945. Search : https://www.google.com/search?q=cm_km.sys
  946. ADA Info : Kaspersky Cryptographic Module Driver
  947. Timestamp : Fri Feb 15 2019
  948.  
  949. Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
  950. Image name: klwfp.sys
  951. Search : https://www.google.com/search?q=klwfp.sys
  952. ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
  953. Timestamp : Tue Feb 26 2019
  954.  
  955. Image path: \SystemRoot\system32\drivers\womic.sys
  956. Image name: womic.sys
  957. Search : https://www.google.com/search?q=womic.sys
  958. ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  959. Timestamp : Wed Jul 3 2019
  960.  
  961. Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
  962. Image name: IntcDAud.sys
  963. Search : https://www.google.com/search?q=IntcDAud.sys
  964. ADA Info : Intel Display Audio Driver http://www.intel.com/
  965. Timestamp : Tue Feb 25 2020
  966.  
  967. Image path: \SystemRoot\system32\DRIVERS\klif.sys
  968. Image name: klif.sys
  969. Search : https://www.google.com/search?q=klif.sys
  970. ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  971. Timestamp : Fri Mar 13 2020
  972.  
  973. Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
  974. Image name: klupd_klif_klark.sys
  975. Search : https://www.google.com/search?q=klupd_klif_klark.sys
  976. ADA Info : Kaspersky https://www.kaspersky.com/
  977. Timestamp : Fri Mar 20 2020
  978.  
  979. Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
  980. Image name: klupd_klif_mark.sys
  981. Search : https://www.google.com/search?q=klupd_klif_mark.sys
  982. ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  983. Timestamp : Fri Mar 20 2020
  984.  
  985. Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
  986. Image name: klupd_klif_arkmon.sys
  987. Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
  988. ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  989. Timestamp : Sun Mar 22 2020
  990.  
  991. Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
  992. Image name: tapprotonvpn.sys
  993. Search : https://www.google.com/search?q=tapprotonvpn.sys
  994. ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
  995. Timestamp : Thu Apr 2 2020
  996.  
  997. Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
  998. Image name: igdkmd64.sys
  999. Search : https://www.google.com/search?q=igdkmd64.sys
  1000. ADA Info : Intel HD graphics driver
  1001. Timestamp : Tue May 19 2020
  1002.  
  1003. Image path: \SystemRoot\System32\drivers\rt640x64.sys
  1004. Image name: rt640x64.sys
  1005. Search : https://www.google.com/search?q=rt640x64.sys
  1006. ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  1007. Timestamp : Tue May 26 2020
  1008.  
  1009. Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
  1010. Image name: klupd_klif_klbg.sys
  1011. Search : https://www.google.com/search?q=klupd_klif_klbg.sys
  1012. ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  1013. Timestamp : Wed Jun 17 2020
  1014.  
  1015. Image path: \SystemRoot\system32\DRIVERS\klgse.sys
  1016. Image name: klgse.sys
  1017. Search : https://www.google.com/search?q=klgse.sys
  1018. ADA Info : Kaspersky Security Extender driver
  1019. Timestamp : Fri Jun 19 2020
  1020.  
  1021. Image path: \SystemRoot\system32\DRIVERS\klhk.sys
  1022. Image name: klhk.sys
  1023. Search : https://www.google.com/search?q=klhk.sys
  1024. ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
  1025. Timestamp : Fri Jun 19 2020
  1026.  
  1027. Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
  1028. Image name: klids.sys
  1029. Search : https://www.google.com/search?q=klids.sys
  1030. ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
  1031. Timestamp : Fri Jul 17 2020
  1032.  
  1033. Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
  1034. Image name: klkbdflt.sys
  1035. Search : https://www.google.com/search?q=klkbdflt.sys
  1036. ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  1037. Timestamp : Tue Nov 16 2021
  1038.  
  1039. Image path: \SystemRoot\system32\DRIVERS\klpd.sys
  1040. Image name: klpd.sys
  1041. Search : https://www.google.com/search?q=klpd.sys
  1042. ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
  1043. Timestamp : Tue Mar 13 2029
  1044.  
  1045. Image path: \SystemRoot\system32\DRIVERS\klflt.sys
  1046. Image name: klflt.sys
  1047. Search : https://www.google.com/search?q=klflt.sys
  1048. ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
  1049. Timestamp : Mon Aug 13 2029
  1050.  
  1051. Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
  1052. Image name: klbackupflt.sys
  1053. Search : https://www.google.com/search?q=klbackupflt.sys
  1054. ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
  1055. Timestamp : ***** Invalid (946E4501)
  1056.  
  1057. Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
  1058. Image name: kldisk.sys
  1059. Search : https://www.google.com/search?q=kldisk.sys
  1060. ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
  1061. Timestamp : ***** Invalid (B1F414C8)
  1062.  
  1063. Image path: \SystemRoot\system32\DRIVERS\kneps.sys
  1064. Image name: kneps.sys
  1065. Search : https://www.google.com/search?q=kneps.sys
  1066. ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
  1067. Timestamp : ***** Invalid (E34C73F4)
  1068.  
  1069. ====================== Dump #2: MICROSOFT DRIVERS ======================
  1070.  
  1071. ACPI.sys ACPI Driver for NT (Microsoft)
  1072. acpiex.sys ACPIEx Driver (Microsoft)
  1073. acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
  1074. afd.sys Ancillary Function Driver for WinSock (Microsoft)
  1075. afunix.sys AF_UNIX Socket Provider driver (Microsoft)
  1076. AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
  1077. ahcache.sys Application Compatibility Cache (Microsoft)
  1078. bam.sys BAM Kernal driver (Microsoft)
  1079. BasicDisplay.sys Basic Display driver (Microsoft)
  1080. BasicRender.sys Basic Render driver (Microsoft)
  1081. Beep.SYS BEEP driver (Microsoft)
  1082. BOOTVID.dll VGA Boot Driver (Microsoft)
  1083. bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
  1084. cdd.dll Canonical Display Driver (Microsoft)
  1085. cdrom.sys SCSI CD-ROM Driver (Microsoft)
  1086. CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
  1087. CI.dll Code Integrity Module (Microsoft)
  1088. CLASSPNP.SYS SCSI Class System Dll (Microsoft)
  1089. cldflt.sys Cloud Files Mini Filter driver (Microsoft)
  1090. CLFS.SYS Common Log File System Driver (Microsoft)
  1091. clipsp.sys CLIP Service (Microsoft)
  1092. cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
  1093. cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
  1094. CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
  1095. condrv.sys Console Driver (Microsoft)
  1096. crashdmp.sys Crash Dump driver (Microsoft)
  1097. csc.sys Windows Client Side Caching driver (Microsoft)
  1098. dfsc.sys DFS Namespace Client Driver (Microsoft)
  1099. disk.sys PnP Disk Driver (Microsoft)
  1100. drmk.sys Digital Rights Management (DRM) driver (Microsoft)
  1101. dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1102. dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1103. dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1104. dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
  1105. dxgmms2.sys DirectX Graphics MMS
  1106. fastfat.SYS Fast FAT File System Driver (Microsoft)
  1107. filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
  1108. fileinfo.sys FileInfo Filter Driver (Microsoft)
  1109. FLTMGR.SYS Filesystem Filter Manager (Microsoft)
  1110. Fs_Rec.sys File System Recognizer Driver (Microsoft)
  1111. fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
  1112. fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
  1113. gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
  1114. hal.dll Hardware Abstraction Layer DLL (Microsoft)
  1115. HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
  1116. HIDCLASS.SYS Hid Class Library (Microsoft)
  1117. HIDPARSE.SYS Hid Parsing Library (Microsoft)
  1118. hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
  1119. HTTP.sys HTTP Protocol Stack (Microsoft)
  1120. intelpep.sys Intel Power Engine Plugin (Microsoft)
  1121. intelppm.sys Processor Device Driver (Microsoft)
  1122. iorate.sys I/O rate control Filter (Microsoft)
  1123. kbdclass.sys Keyboard Class Driver (Microsoft)
  1124. kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
  1125. kd.dll Local Kernal Debugger (Microsoft)
  1126. kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
  1127. ks.sys Kernal CSA Library (Microsoft)
  1128. ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
  1129. ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
  1130. ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
  1131. lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
  1132. luafv.sys LUA File Virtualization Filter Driver (Microsoft)
  1133. mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
  1134. mmcss.sys MMCSS Driver (Microsoft)
  1135. monitor.sys Monitor Driver (Microsoft)
  1136. mouclass.sys Mouse Class Driver (Microsoft)
  1137. mouhid.sys HID Mouse Filter Driver (Microsoft)
  1138. mountmgr.sys Mount Point Manager (Microsoft)
  1139. mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
  1140. mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
  1141. mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
  1142. Msfs.SYS Mailslot driver (Microsoft)
  1143. msisadrv.sys ISA Driver (Microsoft)
  1144. mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
  1145. msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
  1146. mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
  1147. mssmbios.sys System Management BIOS driver (Microsoft)
  1148. mup.sys Multiple UNC Provider driver (Microsoft)
  1149. ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
  1150. ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
  1151. ndisuio.sys NDIS User mode I/O driver (Microsoft)
  1152. NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
  1153. ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
  1154. NDProxy.sys NDIS Proxy driver (Microsoft)
  1155. Ndu.sys Network Data Usage Monitoring driver (Microsoft)
  1156. netbios.sys NetBIOS Interface driver (Microsoft)
  1157. netbt.sys MBT Transport driver (Microsoft)
  1158. NETIO.SYS Network I/O Subsystem (Microsoft)
  1159. Npfs.SYS NPFS driver (Microsoft)
  1160. npsvctrig.sys Named pipe service triggers (Microsoft)
  1161. nsiproxy.sys NSI Proxy driver (Microsoft)
  1162. Ntfs.sys NT File System Driver (Microsoft)
  1163. ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
  1164. ntosext.sys NTOS Extension Host driver (Microsoft)
  1165. Null.SYS NULL Driver (Microsoft)
  1166. nwifi.sys NativeWiFi Miniport Driver (Microsoft)
  1167. pacer.sys QoS Packet Scheduler (Microsoft)
  1168. parport.sys Parallel Port Driver (Microsoft)
  1169. partmgr.sys Partition driver (Microsoft)
  1170. pci.sys NT Plug and Play PCI Enumerator (Microsoft)
  1171. pcw.sys Performance Counter Driver (Microsoft)
  1172. pdc.sys Power Dependency Coordinator Driver (Microsoft)
  1173. peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
  1174. portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
  1175. PSHED.dll Platform Specific Hardware Error driver (Microsoft)
  1176. rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
  1177. raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
  1178. raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
  1179. rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
  1180. rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
  1181. rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
  1182. rdpvideominiport.sys RDP Video Miniport driver (Microsoft)
  1183. rdyboost.sys ReadyBoost Driver (Microsoft)
  1184. rspndr.sys Link-Layer Topology Responder driver (Microsoft)
  1185. serenum.sys Serial Port Enumerator (Microsoft)
  1186. serial.sys Serial Device Driver
  1187. SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
  1188. SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
  1189. spaceport.sys Storage Spaces driver (Microsoft)
  1190. srv2.sys Smb 2.0 Server driver (Microsoft)
  1191. srvnet.sys Server Network driver (Microsoft)
  1192. storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
  1193. storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
  1194. storqosflt.sys Storage QoS Filter driver (Microsoft)
  1195. swenum.sys Plug and Play Software Device Enumerator (Microsoft)
  1196. tbs.sys Export driver for kernel mode TPM API (Microsoft)
  1197. tcpip.sys TCP/IP Protocol driver (Microsoft)
  1198. tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
  1199. TDI.SYS TDI Wrapper driver (Microsoft)
  1200. tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
  1201. tm.sys Kernel Transaction Manager driver (Microsoft)
  1202. ucx01000.sys USB Controller Extension (Microsoft)
  1203. UEFI.sys UEFI NT driver (Microsoft)
  1204. umbus.sys User-Mode Bus Enumerator (Microsoft)
  1205. usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
  1206. USBD.SYS Universal Serial Bus Driver (Microsoft)
  1207. UsbHub3.sys USB3 HUB driver (Microsoft)
  1208. USBXHCI.SYS USB XHCI driver (Microsoft)
  1209. vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
  1210. Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
  1211. volmgr.sys Volume Manager Driver (Microsoft)
  1212. volmgrx.sys Volume Manager Extension Driver (Microsoft)
  1213. volsnap.sys Volume Shadow Copy driver (Microsoft)
  1214. volume.sys Volume driver (Microsoft)
  1215. vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
  1216. wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
  1217. watchdog.sys Watchdog driver (Microsoft)
  1218. wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
  1219. Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
  1220. WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
  1221. werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
  1222. wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
  1223. win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
  1224. win32kbase.sys Base Win32k Kernel Driver (Microsoft)
  1225. win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
  1226. WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
  1227. WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
  1228. winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
  1229. winquic.sys QUIC Transport Protocol driver (Microsoft)
  1230. wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
  1231. WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
  1232. Wof.sys Windows Overlay Filter (Microsoft)
  1233. WppRecorder.sys WPP Trace Recorder (Microsoft)
  1234.  
  1235. ====================== Dump #2: UNLOADED MODULES =======================
  1236.  
  1237. fffff803`34400000 fffff803`34426000 USBSTOR.SYS
  1238. fffff803`344b0000 fffff803`344bf000 WpdUpFltr.sy
  1239. fffff803`34450000 fffff803`344a1000 WUDFRd.sys
  1240. fffff803`34430000 fffff803`3444c000 EhStorClass.
  1241. fffff803`343b0000 fffff803`343d6000 USBSTOR.SYS
  1242. fffff803`343e0000 fffff803`343fc000 EhStorClass.
  1243. fffff803`34330000 fffff803`3433f000 hiber_storpo
  1244. fffff803`34340000 fffff803`3436f000 hiber_storah
  1245. fffff803`34370000 fffff803`3438e000 hiber_dumpfv
  1246. fffff803`33ff0000 fffff803`34009000 monitor.sys
  1247. fffff803`34270000 fffff803`34296000 USBSTOR.SYS
  1248. fffff803`34320000 fffff803`3432f000 WpdUpFltr.sy
  1249. fffff803`342c0000 fffff803`34311000 WUDFRd.sys
  1250. fffff803`342a0000 fffff803`342bc000 EhStorClass.
  1251. fffff803`341b0000 fffff803`341d6000 USBSTOR.SYS
  1252. fffff803`34260000 fffff803`3426f000 WpdUpFltr.sy
  1253. fffff803`34200000 fffff803`34251000 WUDFRd.sys
  1254. fffff803`341e0000 fffff803`341fc000 EhStorClass.
  1255. fffff803`34180000 fffff803`341a6000 USBSTOR.SYS
  1256. fffff803`39490000 fffff803`394ac000 EhStorClass.
  1257. fffff803`34010000 fffff803`3417a000 EasyAntiChea
  1258. fffff803`33f90000 fffff803`33f9f000 hiber_storpo
  1259. fffff803`33fa0000 fffff803`33fcf000 hiber_storah
  1260. fffff803`33fd0000 fffff803`33fee000 hiber_dumpfv
  1261. fffff803`44bc0000 fffff803`44bd9000 monitor.sys
  1262. fffff803`33e10000 fffff803`33f7a000 EasyAntiChea
  1263. fffff803`409b0000 fffff803`409e9000 klids.sys
  1264. fffff803`3ffd0000 fffff803`3ffdf000 dump_storpor
  1265. fffff803`3fc30000 fffff803`3fc5f000 dump_storahc
  1266. fffff803`3fc80000 fffff803`3fc9e000 dump_dumpfve
  1267. fffff803`32e00000 fffff803`32e0b000 klpnpflt.sys
  1268. fffff803`33790000 fffff803`3379b000 klpnpflt.sys
  1269. fffff803`43100000 fffff803`4310b000 klpnpflt.sys
  1270. fffff803`40a50000 fffff803`40a6e000 dam.sys
  1271. fffff803`38fb0000 fffff803`38fbe000 klelam.sys
  1272. fffff803`39fe0000 fffff803`39ff0000 hwpolicy.sys
  1273.  
  1274. ====================== Dump #2: BIOS INFORMATION =======================
  1275.  
  1276. sysinfo: could not find necessary interfaces.
  1277. sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
  1278.  
  1279. ========================== Dump #2: Extra #1 ===========================
  1280.  
  1281. 3: kd> !verifier
  1282. Verify Flags Level 0x00000000
  1283. STANDARD FLAGS:
  1284. [X] (0x00000000) Automatic Checks
  1285. [ ] (0x00000001) Special pool
  1286. [ ] (0x00000002) Force IRQL checking
  1287. [ ] (0x00000008) Pool tracking
  1288. [ ] (0x00000010) I/O verification
  1289. [ ] (0x00000020) Deadlock detection
  1290. [ ] (0x00000080) DMA checking
  1291. [ ] (0x00000100) Security checks
  1292. [ ] (0x00000800) Miscellaneous checks
  1293. [ ] (0x00020000) DDI compliance checking
  1294. ADDITIONAL FLAGS:
  1295. [ ] (0x00000004) Randomized low resources simulation
  1296. [ ] (0x00000200) Force pending I/O requests
  1297. [ ] (0x00000400) IRP logging
  1298. [ ] (0x00002000) Invariant MDL checking for stack
  1299. [ ] (0x00004000) Invariant MDL checking for driver
  1300. [ ] (0x00008000) Power framework delay fuzzing
  1301. [ ] (0x00010000) Port/miniport interface checking
  1302. [ ] (0x00040000) Systematic low resources simulation
  1303. [ ] (0x00080000) DDI compliance checking (additional)
  1304. [ ] (0x00200000) NDIS/WIFI verification
  1305. [ ] (0x00800000) Kernel synchronization delay fuzzing
  1306. [ ] (0x01000000) VM switch verification
  1307. [ ] (0x02000000) Code integrity checks
  1308. [X] Indicates flag is enabled
  1309. Summary of All Verifier Statistics
  1310. RaiseIrqls 0x0
  1311. AcquireSpinLocks 0x0
  1312. Synch Executions 0x0
  1313. Trims 0x0
  1314. Pool Allocations Attempted 0x0
  1315. Pool Allocations Succeeded 0x0
  1316. Pool Allocations Succeeded SpecialPool 0x0
  1317. Pool Allocations With NO TAG 0x0
  1318. Pool Allocations Failed 0x0
  1319. Current paged pool allocations 0x0 for 00000000 bytes
  1320. Peak paged pool allocations 0x0 for 00000000 bytes
  1321. Current nonpaged pool allocations 0x0 for 00000000 bytes
  1322. Peak nonpaged pool allocations 0x0 for 00000000 bytes
  1323.  
  1324. ========================== Dump #2: Extra #2 ===========================
  1325.  
  1326. 3: kd> !thread
  1327. THREAD ffffe1058ff6e080 Cid 0f9c.0944 Teb: 0000000000a39000 Win32Thread: 0000000000000000 RUNNING on processor 3
  1328. Not impersonating
  1329. GetUlongFromAddress: unable to read from fffff8033782ca14
  1330. Owning Process ffffe105921d30c0 Image: System Process
  1331. Attached Process ffffe10589133040 Image: MemCompression
  1332. fffff78000000000: Unable to get shared data
  1333. Wait Start TickCount 9275779
  1334. Context Switch Count 241572 IdealProcessor: 3
  1335. ReadMemory error: Cannot get nt!KeMaximumIncrement value.
  1336. UserTime 00:00:00.000
  1337. KernelTime 00:00:00.000
  1338. Win32 Start Address 0x0000000076742450
  1339. Stack Init ffff83064d217b90 Current ffff83064d216800
  1340. Base ffff83064d218000 Limit ffff83064d211000 Call 0000000000000000
  1341. Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
  1342. Child-SP RetAddr : Args to Child : Call Site
  1343. ffff8306`4d216ab8 fffff803`37663d96 : 00000000`0000001a 00000000`0000003f 00000000`000435ee 00000000`000433ee : nt!KeBugCheckEx
  1344. ffff8306`4d216ac0 fffff803`3748df32 : ffffe105`90e7ab50 ffffffff`ffffffff 00000000`00000000 ffffe105`90e7ac40 : nt!MiValidatePagefilePageHash+0x10176a
  1345. ffff8306`4d216ba0 fffff803`3748d47d : 00000000`00000002 ffff8306`00000000 ffff8306`4d216d58 fffff803`00000000 : nt!MiWaitForInPageComplete+0x472
  1346. ffff8306`4d216cb0 fffff803`37472f9b : 00000000`c0033333 00000000`00000000 00000192`059d4a90 00000000`00000000 : nt!MiIssueHardFault+0x1ad
  1347. ffff8306`4d216db0 fffff803`375cf320 : 00000000`00000000 ffff8306`4d216fd0 ffff8306`4d217378 00000000`00000000 : nt!MmAccessFault+0x40b
  1348. ffff8306`4d216f50 fffff803`3755e150 : ffffd081`c86b6000 ffffe105`89130050 fffff803`3745cfc0 ffffd081`c86b6000 : nt!KiPageFault+0x360 (TrapFrame @ ffff8306`4d216f50)
  1349. ffff8306`4d2170e8 fffff803`3745cfc0 : ffffd081`c86b6000 ffffd081`c86b6000 00000000`00000002 00000192`059d4a90 : nt!RtlDecompressBufferXpressLz+0x50
  1350. ffff8306`4d217100 fffff803`3755fed9 : 00000000`00000000 fffff803`00000001 00000000`00000000 ffffe105`89131788 : nt!RtlDecompressBufferEx+0x60
  1351. ffff8306`4d217150 fffff803`3755fd64 : 00000000`00000004 ffff8306`4d217360 00000000`00000000 00000000`00000174 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
  1352. ffff8306`4d217230 fffff803`3755fbe2 : 00000000`00000001 00000000`00014a90 ffffe105`00014a90 ffffe105`00008000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  1353. ffff8306`4d217280 fffff803`3755fa0b : 00000000`ffffffff ffffe105`9078c000 ffff8306`4d217360 ffffe105`87e30dd0 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  1354. ffff8306`4d217320 fffff803`3755f851 : ffffe105`9078c000 00000000`00000000 00000000`00000001 ffffe105`89131788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  1355. ffff8306`4d2173d0 fffff803`3755f761 : ffffe105`89130000 ffffe105`87e30dd0 ffffe105`9078c000 ffffe105`891319b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  1356. ffff8306`4d217450 fffff803`37469e18 : ffffe105`8ff6e080 ffffe105`89130000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  1357. ffff8306`4d217480 fffff803`37562cc1 : fffff803`3755f740 ffff8306`4d217530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  1358. ffff8306`4d2174f0 fffff803`3754b941 : ffff8306`4d2175f0 fffff803`3798db78 ffffe105`89130000 ffff8306`4d217740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  1359. ffff8306`4d2175c0 fffff803`3754b527 : 00000000`0000000c ffffe105`89130000 ffff8306`4d217670 ffffe105`87e30dd0 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  1360. ffff8306`4d217610 fffff803`37561fd3 : 00000000`0000000c ffffe105`87e30dd0 00000000`00000008 00000000`00000008 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  1361. ffff8306`4d2176a0 fffff803`375636af : ffffe105`00000008 ffffe105`90c35b00 00000000`00000000 ffffe105`89130000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  1362. ffff8306`4d217710 fffff803`3748e05b : ffffe105`921d35c0 00000000`00000001 ffffe105`921d3680 fffff803`37474ee6 : nt!SmPageRead+0x33
  1363. ffff8306`4d217760 fffff803`3748d759 : 00000000`00000002 ffff8306`4d2177f0 ffff8306`4d217958 fffffc7e`00000a38 : nt!MiIssueHardFaultIo+0x117
  1364. ffff8306`4d2177b0 fffff803`37472f9b : 00000000`c0033333 00000000`00000001 00000000`28fb90cf fffff803`375c842f : nt!MiIssueHardFault+0x489
  1365. ffff8306`4d217860 fffff803`375cf320 : 00000000`109f5608 ffff8306`4d217a80 00000000`00a39000 ffff8306`4d217a80 : nt!MmAccessFault+0x40b
  1366. ffff8306`4d217a00 00000000`770c662f : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360 (TrapFrame @ ffff8306`4d217a00)
  1367. 00000000`16fff178 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x770c662f
  1368.  
  1369.  
  1370. ========================================================================
  1371. ======================= Dump #3: ANALYZE VERBOSE =======================
  1372. ====================== File: 080320-46015-01.dmp =======================
  1373. ========================================================================
  1374.  
  1375. Mini Kernel Dump File: Only registers and stack trace are available
  1376. Windows 10 Kernel Version 18362 MP (4 procs) Free x64
  1377. Kernel base = 0xfffff802`2b800000 PsLoadedModuleList = 0xfffff802`2bc48210
  1378. Debug session time: Mon Aug 3 05:11:20.393 2020 (UTC - 4:00)
  1379. System Uptime: 0 days 3:31:45.066
  1380.  
  1381. BugCheck 1A, {3f, 8e42d, 8e42d, ccd97c9f}
  1382. *** WARNING: Unable to verify timestamp for win32k.sys
  1383. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  1384. Probably caused by : memory_corruption
  1385. Followup: memory_corruption
  1386. *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
  1387.  
  1388. MEMORY_MANAGEMENT (1a)
  1389. # Any other values for parameter 1 must be individually examined.
  1390.  
  1391. Arguments:
  1392. Arg1: 000000000000003f, The subtype of the bugcheck.
  1393. Arg2: 000000000008e42d
  1394. Arg3: 000000000008e42d
  1395. Arg4: 00000000ccd97c9f
  1396.  
  1397. Debugging Details:
  1398. DUMP_CLASS: 1
  1399. DUMP_QUALIFIER: 400
  1400. DUMP_TYPE: 2
  1401. ADDITIONAL_DEBUG_TEXT: Memory Manager detected corruption of a pagefile page while performing an in-page operation.
  1402. The data read from storage does not match the original data written.
  1403. This indicates the data was corrupted by the storage stack, or device hardware.
  1404. BUGCHECK_STR: 0x1a_3f
  1405. CUSTOMER_CRASH_COUNT: 1
  1406. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  1407.  
  1408. PROCESS_NAME: MemCompression
  1409.  
  1410. CURRENT_IRQL: 2
  1411. PAGE_HASH_ERRORS_DETECTED: 1
  1412. TRAP_FRAME: ffffb08d039c6f50 -- (.trap 0xffffb08d039c6f50)
  1413. NOTE: The trap frame does not contain all registers.
  1414. Some register values may be zeroed or incorrect.
  1415. rax=fffff8022b95e100 rbx=0000000000000000 rcx=ffff9e80e8080000
  1416. rdx=ffff9e80e8080000 rsi=0000000000000000 rdi=0000000000000000
  1417. rip=fffff8022b95e150 rsp=ffffb08d039c70e8 rbp=ffff9e80e8080000
  1418. r8=000001c7f25a28f0 r9=000000000000042b r10=ffff9e80e8080ea0
  1419. r11=000001c7f25a2d1b r12=0000000000000000 r13=0000000000000000
  1420. r14=0000000000000000 r15=0000000000000000
  1421. iopl=0 nv up ei pl zr na po nc
  1422. nt!RtlDecompressBufferXpressLz+0x50:
  1423. fffff802`2b95e150 418b08 mov ecx,dword ptr [r8] ds:000001c7`f25a28f0=????????
  1424. Resetting default scope
  1425. LAST_CONTROL_TRANSFER: from fffff8022ba63d96 to fffff8022b9c1220
  1426. STACK_TEXT:
  1427. ffffb08d`039c6ab8 fffff802`2ba63d96 : 00000000`0000001a 00000000`0000003f 00000000`0008e42d 00000000`0008e42d : nt!KeBugCheckEx
  1428. ffffb08d`039c6ac0 fffff802`2b88df32 : ffffe781`0d66fe60 ffffffff`ffffffff 00000000`00000000 ffffe781`0d66ff50 : nt!MiValidatePagefilePageHash+0x10176a
  1429. ffffb08d`039c6ba0 fffff802`2b88d47d : 00000000`00000002 ffffb08d`00000000 ffffb08d`039c6d58 fffff802`00000000 : nt!MiWaitForInPageComplete+0x472
  1430. ffffb08d`039c6cb0 fffff802`2b872f9b : 00000000`c0033333 00000000`00000000 000001c7`f25a28f0 00000000`00000000 : nt!MiIssueHardFault+0x1ad
  1431. ffffb08d`039c6db0 fffff802`2b9cf320 : ffffb08d`039c7320 fffff802`2b9163ad ffffb08d`039c7378 ffffb08d`039c7360 : nt!MmAccessFault+0x40b
  1432. ffffb08d`039c6f50 fffff802`2b95e150 : ffff9e80`e8080000 ffffe781`0f21f050 fffff802`2b85cfc0 ffff9e80`e8080000 : nt!KiPageFault+0x360
  1433. ffffb08d`039c70e8 fffff802`2b85cfc0 : ffff9e80`e8080000 ffff9e80`e8080000 00000000`00000002 000001c7`f25a28f0 : nt!RtlDecompressBufferXpressLz+0x50
  1434. ffffb08d`039c7100 fffff802`2b95fed9 : 00000001`00000000 00000000`00000001 00000000`00000000 ffffe781`0f220788 : nt!RtlDecompressBufferEx+0x60
  1435. ffffb08d`039c7150 fffff802`2b95fd64 : 00000000`00000004 ffffb08d`039c7360 00000000`00000000 00000000`000022b8 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
  1436. ffffb08d`039c7230 fffff802`2b95fbe2 : 00000000`00000001 00000000`000028f0 ffffe781`000028f0 ffffe781`00010000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  1437. ffffb08d`039c7280 fffff802`2b95fa0b : 00000000`ffffffff ffffe781`137b9000 ffffb08d`039c7360 ffffe781`08f95510 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  1438. ffffb08d`039c7320 fffff802`2b95f851 : ffffe781`137b9000 00000000`00000000 00000000`00000001 ffffe781`0f220788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  1439. ffffb08d`039c73d0 fffff802`2b95f761 : ffffe781`0f21f000 ffffe781`08f95510 ffffe781`137b9000 ffffe781`0f2209b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  1440. ffffb08d`039c7450 fffff802`2b869e18 : ffffe781`11006080 ffffe781`0f21f000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  1441. ffffb08d`039c7480 fffff802`2b962cc1 : fffff802`2b95f740 ffffb08d`039c7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  1442. ffffb08d`039c74f0 fffff802`2b94b941 : ffffb08d`039c75f0 fffff802`2bd8db78 ffffe781`0f21f000 ffffb08d`039c7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  1443. ffffb08d`039c75c0 fffff802`2b94b527 : 00000000`0000000c ffffe781`0f21f000 ffffb08d`039c7670 ffffe781`08f95510 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  1444. ffffb08d`039c7610 fffff802`2b961fd3 : 00000000`0000000c ffffe781`08f95510 00000000`00000010 00000000`00000010 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  1445. ffffb08d`039c76a0 fffff802`2b9636af : ffffe781`00000010 ffffe781`110943e0 00000000`00000000 ffffe781`0f21f000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  1446. ffffb08d`039c7710 fffff802`2b88e05b : ffffe781`130845c0 00000000`00000001 ffffe781`13084680 fffff802`2b874ee6 : nt!SmPageRead+0x33
  1447. ffffb08d`039c7760 fffff802`2b88d759 : 00000000`00000002 ffffb08d`039c77f0 ffffb08d`039c7958 ffffd4ea`4077ce98 : nt!MiIssueHardFaultIo+0x117
  1448. ffffb08d`039c77b0 fffff802`2b872f9b : 00000000`c0033333 00000000`00000001 000001df`3a623738 ffffe781`1200ddd0 : nt!MiIssueHardFault+0x489
  1449. ffffb08d`039c7860 fffff802`2b9cf320 : 00000003`01889707 ffffb08d`039c7a80 00000000`00000034 ffffb08d`039c7a80 : nt!MmAccessFault+0x40b
  1450. ffffb08d`039c7a00 00007ffe`07feb801 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
  1451. 00000076`c31fe610 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`07feb801
  1452. STACK_COMMAND: kb
  1453. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  1454. fffff8022b873034-fffff8022b873038 5 bytes - nt!MmAccessFault+4a4
  1455. [ df be 7d fb f6:9f 3a 75 ea d4 ]
  1456. fffff8022b88d4dd - nt!MiIssueHardFault+20d (+0x1a4a9)
  1457. [ f6:d4 ]
  1458. fffff8022b963797-fffff8022b963798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0xd62ba)
  1459. [ 48 ff:4c 8b ]
  1460. fffff8022b96379e-fffff8022b9637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
  1461. [ 0f 1f 44 00:e8 1d 40 95 ]
  1462. 12 errors : !nt (fffff8022b873034-fffff8022b9637a1)
  1463. MODULE_NAME: memory_corruption
  1464.  
  1465. IMAGE_NAME: memory_corruption
  1466.  
  1467. FOLLOWUP_NAME: memory_corruption
  1468. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  1469. MEMORY_CORRUPTOR: LARGE
  1470. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1471. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1472. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  1473. TARGET_TIME: 2020-08-03T09:11:20.000Z
  1474. SUITE_MASK: 272
  1475. PRODUCT_TYPE: 1
  1476. USER_LCID: 0
  1477. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  1478. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  1479. Followup: memory_corruption
  1480. *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
  1481.  
  1482. ====================== Dump #3: 3RD PARTY DRIVERS ======================
  1483.  
  1484. Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
  1485. May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  1486. Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
  1487. Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
  1488. May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  1489. Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  1490. Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  1491. Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
  1492. Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
  1493. Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
  1494. Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
  1495. Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  1496. Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
  1497. Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
  1498. Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  1499. Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
  1500. Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  1501. Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
  1502. Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  1503. Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  1504. Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
  1505. May 19 2020 - igdkmd64.sys - Intel HD graphics driver
  1506. May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  1507. Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  1508. Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
  1509. Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
  1510. Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
  1511. Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  1512. Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
  1513. Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
  1514. ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
  1515. ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
  1516. ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
  1517.  
  1518. ================== Dump #3: 3RD PARTY DRIVERS (FULL) ===================
  1519.  
  1520. Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
  1521. Image name: klmouflt.sys
  1522. Search : https://www.google.com/search?q=klmouflt.sys
  1523. ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
  1524. Timestamp : Fri Sep 12 1975
  1525.  
  1526. Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
  1527. Image name: klwtp.sys
  1528. Search : https://www.google.com/search?q=klwtp.sys
  1529. ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  1530. Timestamp : Sat May 5 2007
  1531.  
  1532. Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
  1533. Image name: klbackupdisk.sys
  1534. Search : https://www.google.com/search?q=klbackupdisk.sys
  1535. ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
  1536. Timestamp : Sun Apr 13 2008
  1537.  
  1538. Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
  1539. Image name: AsUpIO.sys
  1540. Search : https://www.google.com/search?q=AsUpIO.sys
  1541. ADA Info : ASUS Update Input Output driver http://www.asus.com/
  1542. Timestamp : Mon Aug 2 2010
  1543.  
  1544. Image path: \SystemRoot\System32\drivers\ScpVBus.sys
  1545. Image name: ScpVBus.sys
  1546. Search : https://www.google.com/search?q=ScpVBus.sys
  1547. ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  1548. Timestamp : Sun May 5 2013
  1549.  
  1550. Image path: \SystemRoot\system32\DRIVERS\klim6.sys
  1551. Image name: klim6.sys
  1552. Search : https://www.google.com/search?q=klim6.sys
  1553. ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  1554. Timestamp : Wed Jan 7 2015
  1555.  
  1556. Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
  1557. Image name: SCDEmu.SYS
  1558. Search : https://www.google.com/search?q=SCDEmu.SYS
  1559. ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  1560. Timestamp : Tue Jun 6 2017
  1561.  
  1562. Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
  1563. Image name: YSDrv.sys
  1564. Search : https://www.google.com/search?q=YSDrv.sys
  1565. ADA Info : VirtualBox Support driver
  1566. Timestamp : Wed Oct 11 2017
  1567.  
  1568. Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
  1569. Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  1570. Image name: TeeDriverW8x64.sys
  1571. Search : https://www.google.com/search?q=TeeDriverW8x64.sys
  1572. ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
  1573. Timestamp : Sun Nov 19 2017
  1574. File version: 11.7.0.1057
  1575. Product version: 11.7.0.1057
  1576. File flags: 8 (Mask 3F) Private
  1577. File OS: 40004 NT Win32
  1578. File type: 3.7 Driver
  1579. File date: 00000000.00000000
  1580. CompanyName: Intel Corporation
  1581. ProductName: Intel(R) Management Engine Interface
  1582. InternalName: TeeDriverx64.sys
  1583. OriginalFilename: TeeDriverx64.sys
  1584. ProductVersion: 11.7.0.1057
  1585. FileVersion: 11.7.0.1057
  1586. FileDescription: Intel(R) Management Engine Interface
  1587. LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
  1588.  
  1589. Image path: \SystemRoot\System32\drivers\kltap.sys
  1590. Image name: kltap.sys
  1591. Search : https://www.google.com/search?q=kltap.sys
  1592. ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
  1593. Timestamp : Fri Mar 16 2018
  1594.  
  1595. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  1596. Image name: RTKVHD64.sys
  1597. Search : https://www.google.com/search?q=RTKVHD64.sys
  1598. ADA Info : Realtek Audio System driver https://www.realtek.com/en/
  1599. Timestamp : Tue Nov 13 2018
  1600.  
  1601. Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
  1602. Image name: klupd_klif_kimul.sys
  1603. Search : https://www.google.com/search?q=klupd_klif_kimul.sys
  1604. ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  1605. Timestamp : Tue Jan 22 2019
  1606.  
  1607. Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
  1608. Image name: cm_km.sys
  1609. Search : https://www.google.com/search?q=cm_km.sys
  1610. ADA Info : Kaspersky Cryptographic Module Driver
  1611. Timestamp : Fri Feb 15 2019
  1612.  
  1613. Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
  1614. Image name: klwfp.sys
  1615. Search : https://www.google.com/search?q=klwfp.sys
  1616. ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
  1617. Timestamp : Tue Feb 26 2019
  1618.  
  1619. Image path: \SystemRoot\system32\drivers\womic.sys
  1620. Image name: womic.sys
  1621. Search : https://www.google.com/search?q=womic.sys
  1622. ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  1623. Timestamp : Wed Jul 3 2019
  1624.  
  1625. Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
  1626. Image name: IntcDAud.sys
  1627. Search : https://www.google.com/search?q=IntcDAud.sys
  1628. ADA Info : Intel Display Audio Driver http://www.intel.com/
  1629. Timestamp : Tue Feb 25 2020
  1630.  
  1631. Image path: \SystemRoot\system32\DRIVERS\klif.sys
  1632. Image name: klif.sys
  1633. Search : https://www.google.com/search?q=klif.sys
  1634. ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  1635. Timestamp : Fri Mar 13 2020
  1636.  
  1637. Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
  1638. Image name: klupd_klif_klark.sys
  1639. Search : https://www.google.com/search?q=klupd_klif_klark.sys
  1640. ADA Info : Kaspersky https://www.kaspersky.com/
  1641. Timestamp : Fri Mar 20 2020
  1642.  
  1643. Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
  1644. Image name: klupd_klif_mark.sys
  1645. Search : https://www.google.com/search?q=klupd_klif_mark.sys
  1646. ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  1647. Timestamp : Fri Mar 20 2020
  1648.  
  1649. Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
  1650. Image name: klupd_klif_arkmon.sys
  1651. Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
  1652. ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  1653. Timestamp : Sun Mar 22 2020
  1654.  
  1655. Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
  1656. Image name: tapprotonvpn.sys
  1657. Search : https://www.google.com/search?q=tapprotonvpn.sys
  1658. ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
  1659. Timestamp : Thu Apr 2 2020
  1660.  
  1661. Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
  1662. Image name: igdkmd64.sys
  1663. Search : https://www.google.com/search?q=igdkmd64.sys
  1664. ADA Info : Intel HD graphics driver
  1665. Timestamp : Tue May 19 2020
  1666.  
  1667. Image path: \SystemRoot\System32\drivers\rt640x64.sys
  1668. Image name: rt640x64.sys
  1669. Search : https://www.google.com/search?q=rt640x64.sys
  1670. ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  1671. Timestamp : Tue May 26 2020
  1672.  
  1673. Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
  1674. Image name: klupd_klif_klbg.sys
  1675. Search : https://www.google.com/search?q=klupd_klif_klbg.sys
  1676. ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  1677. Timestamp : Wed Jun 17 2020
  1678.  
  1679. Image path: \SystemRoot\system32\DRIVERS\klgse.sys
  1680. Image name: klgse.sys
  1681. Search : https://www.google.com/search?q=klgse.sys
  1682. ADA Info : Kaspersky Security Extender driver
  1683. Timestamp : Fri Jun 19 2020
  1684.  
  1685. Image path: \SystemRoot\system32\DRIVERS\klhk.sys
  1686. Image name: klhk.sys
  1687. Search : https://www.google.com/search?q=klhk.sys
  1688. ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
  1689. Timestamp : Fri Jun 19 2020
  1690.  
  1691. Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
  1692. Image name: klids.sys
  1693. Search : https://www.google.com/search?q=klids.sys
  1694. ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
  1695. Timestamp : Fri Jul 17 2020
  1696.  
  1697. Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
  1698. Image name: klkbdflt.sys
  1699. Search : https://www.google.com/search?q=klkbdflt.sys
  1700. ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  1701. Timestamp : Tue Nov 16 2021
  1702.  
  1703. Image path: \SystemRoot\system32\DRIVERS\klpd.sys
  1704. Image name: klpd.sys
  1705. Search : https://www.google.com/search?q=klpd.sys
  1706. ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
  1707. Timestamp : Tue Mar 13 2029
  1708.  
  1709. Image path: \SystemRoot\system32\DRIVERS\klflt.sys
  1710. Image name: klflt.sys
  1711. Search : https://www.google.com/search?q=klflt.sys
  1712. ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
  1713. Timestamp : Mon Aug 13 2029
  1714.  
  1715. Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
  1716. Image name: klbackupflt.sys
  1717. Search : https://www.google.com/search?q=klbackupflt.sys
  1718. ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
  1719. Timestamp : ***** Invalid (946E4501)
  1720.  
  1721. Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
  1722. Image name: kldisk.sys
  1723. Search : https://www.google.com/search?q=kldisk.sys
  1724. ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
  1725. Timestamp : ***** Invalid (B1F414C8)
  1726.  
  1727. Image path: \SystemRoot\system32\DRIVERS\kneps.sys
  1728. Image name: kneps.sys
  1729. Search : https://www.google.com/search?q=kneps.sys
  1730. ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
  1731. Timestamp : ***** Invalid (E34C73F4)
  1732.  
  1733. ====================== Dump #3: MICROSOFT DRIVERS ======================
  1734.  
  1735. ACPI.sys ACPI Driver for NT (Microsoft)
  1736. acpiex.sys ACPIEx Driver (Microsoft)
  1737. acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
  1738. afd.sys Ancillary Function Driver for WinSock (Microsoft)
  1739. afunix.sys AF_UNIX Socket Provider driver (Microsoft)
  1740. AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
  1741. ahcache.sys Application Compatibility Cache (Microsoft)
  1742. bam.sys BAM Kernal driver (Microsoft)
  1743. BasicDisplay.sys Basic Display driver (Microsoft)
  1744. BasicRender.sys Basic Render driver (Microsoft)
  1745. Beep.SYS BEEP driver (Microsoft)
  1746. BOOTVID.dll VGA Boot Driver (Microsoft)
  1747. bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
  1748. cdd.dll Canonical Display Driver (Microsoft)
  1749. cdrom.sys SCSI CD-ROM Driver (Microsoft)
  1750. CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
  1751. CI.dll Code Integrity Module (Microsoft)
  1752. CLASSPNP.SYS SCSI Class System Dll (Microsoft)
  1753. cldflt.sys Cloud Files Mini Filter driver (Microsoft)
  1754. CLFS.SYS Common Log File System Driver (Microsoft)
  1755. clipsp.sys CLIP Service (Microsoft)
  1756. cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
  1757. cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
  1758. CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
  1759. condrv.sys Console Driver (Microsoft)
  1760. crashdmp.sys Crash Dump driver (Microsoft)
  1761. csc.sys Windows Client Side Caching driver (Microsoft)
  1762. dfsc.sys DFS Namespace Client Driver (Microsoft)
  1763. disk.sys PnP Disk Driver (Microsoft)
  1764. drmk.sys Digital Rights Management (DRM) driver (Microsoft)
  1765. dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1766. dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1767. dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1768. dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
  1769. dxgmms2.sys DirectX Graphics MMS
  1770. EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
  1771. fastfat.SYS Fast FAT File System Driver (Microsoft)
  1772. filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
  1773. fileinfo.sys FileInfo Filter Driver (Microsoft)
  1774. FLTMGR.SYS Filesystem Filter Manager (Microsoft)
  1775. Fs_Rec.sys File System Recognizer Driver (Microsoft)
  1776. fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
  1777. fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
  1778. gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
  1779. hal.dll Hardware Abstraction Layer DLL (Microsoft)
  1780. HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
  1781. HIDCLASS.SYS Hid Class Library (Microsoft)
  1782. HIDPARSE.SYS Hid Parsing Library (Microsoft)
  1783. hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
  1784. HTTP.sys HTTP Protocol Stack (Microsoft)
  1785. intelpep.sys Intel Power Engine Plugin (Microsoft)
  1786. intelppm.sys Processor Device Driver (Microsoft)
  1787. iorate.sys I/O rate control Filter (Microsoft)
  1788. kbdclass.sys Keyboard Class Driver (Microsoft)
  1789. kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
  1790. kd.dll Local Kernal Debugger (Microsoft)
  1791. kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
  1792. ks.sys Kernal CSA Library (Microsoft)
  1793. ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
  1794. ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
  1795. ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
  1796. lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
  1797. luafv.sys LUA File Virtualization Filter Driver (Microsoft)
  1798. mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
  1799. mmcss.sys MMCSS Driver (Microsoft)
  1800. monitor.sys Monitor Driver (Microsoft)
  1801. mouclass.sys Mouse Class Driver (Microsoft)
  1802. mouhid.sys HID Mouse Filter Driver (Microsoft)
  1803. mountmgr.sys Mount Point Manager (Microsoft)
  1804. mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
  1805. mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
  1806. mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
  1807. Msfs.SYS Mailslot driver (Microsoft)
  1808. msisadrv.sys ISA Driver (Microsoft)
  1809. mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
  1810. msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
  1811. mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
  1812. mssmbios.sys System Management BIOS driver (Microsoft)
  1813. mup.sys Multiple UNC Provider driver (Microsoft)
  1814. ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
  1815. ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
  1816. ndisuio.sys NDIS User mode I/O driver (Microsoft)
  1817. NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
  1818. ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
  1819. NDProxy.sys NDIS Proxy driver (Microsoft)
  1820. Ndu.sys Network Data Usage Monitoring driver (Microsoft)
  1821. netbios.sys NetBIOS Interface driver (Microsoft)
  1822. netbt.sys MBT Transport driver (Microsoft)
  1823. NETIO.SYS Network I/O Subsystem (Microsoft)
  1824. Npfs.SYS NPFS driver (Microsoft)
  1825. npsvctrig.sys Named pipe service triggers (Microsoft)
  1826. nsiproxy.sys NSI Proxy driver (Microsoft)
  1827. Ntfs.sys NT File System Driver (Microsoft)
  1828. ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
  1829. ntosext.sys NTOS Extension Host driver (Microsoft)
  1830. Null.SYS NULL Driver (Microsoft)
  1831. nwifi.sys NativeWiFi Miniport Driver (Microsoft)
  1832. pacer.sys QoS Packet Scheduler (Microsoft)
  1833. parport.sys Parallel Port Driver (Microsoft)
  1834. partmgr.sys Partition driver (Microsoft)
  1835. pci.sys NT Plug and Play PCI Enumerator (Microsoft)
  1836. pcw.sys Performance Counter Driver (Microsoft)
  1837. pdc.sys Power Dependency Coordinator Driver (Microsoft)
  1838. peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
  1839. portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
  1840. PSHED.dll Platform Specific Hardware Error driver (Microsoft)
  1841. qwavedrv.sys Quality Windows Audio Video Experience (qWave) Support driver (Microsoft)
  1842. rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
  1843. raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
  1844. raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
  1845. rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
  1846. rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
  1847. rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
  1848. rdyboost.sys ReadyBoost Driver (Microsoft)
  1849. rspndr.sys Link-Layer Topology Responder driver (Microsoft)
  1850. serenum.sys Serial Port Enumerator (Microsoft)
  1851. serial.sys Serial Device Driver
  1852. SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
  1853. SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
  1854. spaceport.sys Storage Spaces driver (Microsoft)
  1855. srv2.sys Smb 2.0 Server driver (Microsoft)
  1856. srvnet.sys Server Network driver (Microsoft)
  1857. storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
  1858. storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
  1859. storqosflt.sys Storage QoS Filter driver (Microsoft)
  1860. swenum.sys Plug and Play Software Device Enumerator (Microsoft)
  1861. tbs.sys Export driver for kernel mode TPM API (Microsoft)
  1862. tcpip.sys TCP/IP Protocol driver (Microsoft)
  1863. tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
  1864. TDI.SYS TDI Wrapper driver (Microsoft)
  1865. tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
  1866. tm.sys Kernel Transaction Manager driver (Microsoft)
  1867. ucx01000.sys USB Controller Extension (Microsoft)
  1868. UEFI.sys UEFI NT driver (Microsoft)
  1869. umbus.sys User-Mode Bus Enumerator (Microsoft)
  1870. usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
  1871. USBD.SYS Universal Serial Bus Driver (Microsoft)
  1872. UsbHub3.sys USB3 HUB driver (Microsoft)
  1873. USBXHCI.SYS USB XHCI driver (Microsoft)
  1874. vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
  1875. Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
  1876. volmgr.sys Volume Manager Driver (Microsoft)
  1877. volmgrx.sys Volume Manager Extension Driver (Microsoft)
  1878. volsnap.sys Volume Shadow Copy driver (Microsoft)
  1879. volume.sys Volume driver (Microsoft)
  1880. vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
  1881. wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
  1882. watchdog.sys Watchdog driver (Microsoft)
  1883. wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
  1884. Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
  1885. WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
  1886. werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
  1887. wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
  1888. win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
  1889. win32kbase.sys Base Win32k Kernel Driver (Microsoft)
  1890. win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
  1891. WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
  1892. WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
  1893. winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
  1894. winquic.sys QUIC Transport Protocol driver (Microsoft)
  1895. wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
  1896. WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
  1897. Wof.sys Windows Overlay Filter (Microsoft)
  1898. WppRecorder.sys WPP Trace Recorder (Microsoft)
  1899.  
  1900. ====================== Dump #3: UNLOADED MODULES =======================
  1901.  
  1902. fffff802`35140000 fffff802`35179000 klids.sys
  1903. fffff802`347a0000 fffff802`347af000 dump_storpor
  1904. fffff802`34000000 fffff802`3402f000 dump_storahc
  1905. fffff802`34050000 fffff802`3406e000 dump_dumpfve
  1906. fffff802`37d60000 fffff802`37d6b000 klpnpflt.sys
  1907. fffff802`37cf0000 fffff802`37cfb000 klpnpflt.sys
  1908. fffff802`37c20000 fffff802`37c2b000 klpnpflt.sys
  1909. fffff802`351e0000 fffff802`351fe000 dam.sys
  1910. fffff802`2d3b0000 fffff802`2d3be000 klelam.sys
  1911. fffff802`2e3e0000 fffff802`2e3f0000 hwpolicy.sys
  1912.  
  1913. ====================== Dump #3: BIOS INFORMATION =======================
  1914.  
  1915. sysinfo: could not find necessary interfaces.
  1916. sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
  1917.  
  1918. ========================== Dump #3: Extra #1 ===========================
  1919.  
  1920. 2: kd> !verifier
  1921. Verify Flags Level 0x00000000
  1922. STANDARD FLAGS:
  1923. [X] (0x00000000) Automatic Checks
  1924. [ ] (0x00000001) Special pool
  1925. [ ] (0x00000002) Force IRQL checking
  1926. [ ] (0x00000008) Pool tracking
  1927. [ ] (0x00000010) I/O verification
  1928. [ ] (0x00000020) Deadlock detection
  1929. [ ] (0x00000080) DMA checking
  1930. [ ] (0x00000100) Security checks
  1931. [ ] (0x00000800) Miscellaneous checks
  1932. [ ] (0x00020000) DDI compliance checking
  1933. ADDITIONAL FLAGS:
  1934. [ ] (0x00000004) Randomized low resources simulation
  1935. [ ] (0x00000200) Force pending I/O requests
  1936. [ ] (0x00000400) IRP logging
  1937. [ ] (0x00002000) Invariant MDL checking for stack
  1938. [ ] (0x00004000) Invariant MDL checking for driver
  1939. [ ] (0x00008000) Power framework delay fuzzing
  1940. [ ] (0x00010000) Port/miniport interface checking
  1941. [ ] (0x00040000) Systematic low resources simulation
  1942. [ ] (0x00080000) DDI compliance checking (additional)
  1943. [ ] (0x00200000) NDIS/WIFI verification
  1944. [ ] (0x00800000) Kernel synchronization delay fuzzing
  1945. [ ] (0x01000000) VM switch verification
  1946. [ ] (0x02000000) Code integrity checks
  1947. [X] Indicates flag is enabled
  1948. Summary of All Verifier Statistics
  1949. RaiseIrqls 0x0
  1950. AcquireSpinLocks 0x0
  1951. Synch Executions 0x0
  1952. Trims 0x0
  1953. Pool Allocations Attempted 0x0
  1954. Pool Allocations Succeeded 0x0
  1955. Pool Allocations Succeeded SpecialPool 0x0
  1956. Pool Allocations With NO TAG 0x0
  1957. Pool Allocations Failed 0x0
  1958. Current paged pool allocations 0x0 for 00000000 bytes
  1959. Peak paged pool allocations 0x0 for 00000000 bytes
  1960. Current nonpaged pool allocations 0x0 for 00000000 bytes
  1961. Peak nonpaged pool allocations 0x0 for 00000000 bytes
  1962.  
  1963. ========================== Dump #3: Extra #2 ===========================
  1964.  
  1965. 2: kd> !thread
  1966. THREAD ffffe78111006080 Cid 10bc.29c4 Teb: 00000076c29a1000 Win32Thread: 0000000000000000 RUNNING on processor 2
  1967. Not impersonating
  1968. GetUlongFromAddress: unable to read from fffff8022bc2ca14
  1969. Owning Process ffffe781130840c0 Image: System Process
  1970. Attached Process ffffe7810f221040 Image: MemCompression
  1971. fffff78000000000: Unable to get shared data
  1972. Wait Start TickCount 813112
  1973. Context Switch Count 39319 IdealProcessor: 0
  1974. ReadMemory error: Cannot get nt!KeMaximumIncrement value.
  1975. UserTime 00:00:00.000
  1976. KernelTime 00:00:00.000
  1977. Win32 Start Address 0x00007ff7a096a310
  1978. Stack Init ffffb08d039c7b90 Current ffffb08d039c6800
  1979. Base ffffb08d039c8000 Limit ffffb08d039c1000 Call 0000000000000000
  1980. Priority 5 BasePriority 4 PriorityDecrement 0 IoPriority 2 PagePriority 5
  1981. Child-SP RetAddr : Args to Child : Call Site
  1982. ffffb08d`039c6ab8 fffff802`2ba63d96 : 00000000`0000001a 00000000`0000003f 00000000`0008e42d 00000000`0008e42d : nt!KeBugCheckEx
  1983. ffffb08d`039c6ac0 fffff802`2b88df32 : ffffe781`0d66fe60 ffffffff`ffffffff 00000000`00000000 ffffe781`0d66ff50 : nt!MiValidatePagefilePageHash+0x10176a
  1984. ffffb08d`039c6ba0 fffff802`2b88d47d : 00000000`00000002 ffffb08d`00000000 ffffb08d`039c6d58 fffff802`00000000 : nt!MiWaitForInPageComplete+0x472
  1985. ffffb08d`039c6cb0 fffff802`2b872f9b : 00000000`c0033333 00000000`00000000 000001c7`f25a28f0 00000000`00000000 : nt!MiIssueHardFault+0x1ad
  1986. ffffb08d`039c6db0 fffff802`2b9cf320 : ffffb08d`039c7320 fffff802`2b9163ad ffffb08d`039c7378 ffffb08d`039c7360 : nt!MmAccessFault+0x40b
  1987. ffffb08d`039c6f50 fffff802`2b95e150 : ffff9e80`e8080000 ffffe781`0f21f050 fffff802`2b85cfc0 ffff9e80`e8080000 : nt!KiPageFault+0x360 (TrapFrame @ ffffb08d`039c6f50)
  1988. ffffb08d`039c70e8 fffff802`2b85cfc0 : ffff9e80`e8080000 ffff9e80`e8080000 00000000`00000002 000001c7`f25a28f0 : nt!RtlDecompressBufferXpressLz+0x50
  1989. ffffb08d`039c7100 fffff802`2b95fed9 : 00000001`00000000 00000000`00000001 00000000`00000000 ffffe781`0f220788 : nt!RtlDecompressBufferEx+0x60
  1990. ffffb08d`039c7150 fffff802`2b95fd64 : 00000000`00000004 ffffb08d`039c7360 00000000`00000000 00000000`000022b8 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
  1991. ffffb08d`039c7230 fffff802`2b95fbe2 : 00000000`00000001 00000000`000028f0 ffffe781`000028f0 ffffe781`00010000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  1992. ffffb08d`039c7280 fffff802`2b95fa0b : 00000000`ffffffff ffffe781`137b9000 ffffb08d`039c7360 ffffe781`08f95510 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  1993. ffffb08d`039c7320 fffff802`2b95f851 : ffffe781`137b9000 00000000`00000000 00000000`00000001 ffffe781`0f220788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  1994. ffffb08d`039c73d0 fffff802`2b95f761 : ffffe781`0f21f000 ffffe781`08f95510 ffffe781`137b9000 ffffe781`0f2209b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  1995. ffffb08d`039c7450 fffff802`2b869e18 : ffffe781`11006080 ffffe781`0f21f000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  1996. ffffb08d`039c7480 fffff802`2b962cc1 : fffff802`2b95f740 ffffb08d`039c7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  1997. ffffb08d`039c74f0 fffff802`2b94b941 : ffffb08d`039c75f0 fffff802`2bd8db78 ffffe781`0f21f000 ffffb08d`039c7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  1998. ffffb08d`039c75c0 fffff802`2b94b527 : 00000000`0000000c ffffe781`0f21f000 ffffb08d`039c7670 ffffe781`08f95510 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  1999. ffffb08d`039c7610 fffff802`2b961fd3 : 00000000`0000000c ffffe781`08f95510 00000000`00000010 00000000`00000010 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  2000. ffffb08d`039c76a0 fffff802`2b9636af : ffffe781`00000010 ffffe781`110943e0 00000000`00000000 ffffe781`0f21f000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  2001. ffffb08d`039c7710 fffff802`2b88e05b : ffffe781`130845c0 00000000`00000001 ffffe781`13084680 fffff802`2b874ee6 : nt!SmPageRead+0x33
  2002. ffffb08d`039c7760 fffff802`2b88d759 : 00000000`00000002 ffffb08d`039c77f0 ffffb08d`039c7958 ffffd4ea`4077ce98 : nt!MiIssueHardFaultIo+0x117
  2003. ffffb08d`039c77b0 fffff802`2b872f9b : 00000000`c0033333 00000000`00000001 000001df`3a623738 ffffe781`1200ddd0 : nt!MiIssueHardFault+0x489
  2004. ffffb08d`039c7860 fffff802`2b9cf320 : 00000003`01889707 ffffb08d`039c7a80 00000000`00000034 ffffb08d`039c7a80 : nt!MmAccessFault+0x40b
  2005. ffffb08d`039c7a00 00007ffe`07feb801 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360 (TrapFrame @ ffffb08d`039c7a00)
  2006. 00000076`c31fe610 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffe`07feb801
  2007.  
  2008.  
  2009. ========================================================================
  2010. ======================= Dump #4: ANALYZE VERBOSE =======================
  2011. ====================== File: 080320-45656-01.dmp =======================
  2012. ========================================================================
  2013.  
  2014. Mini Kernel Dump File: Only registers and stack trace are available
  2015. Windows 10 Kernel Version 18362 MP (4 procs) Free x64
  2016. Kernel base = 0xfffff800`4ac00000 PsLoadedModuleList = 0xfffff800`4b048210
  2017. Debug session time: Mon Aug 3 11:36:24.982 2020 (UTC - 4:00)
  2018. System Uptime: 0 days 6:23:57.655
  2019.  
  2020. BugCheck 154, {ffffe38f60d57000, ffffcc087b4b5f60, 2, 0}
  2021. *** WARNING: Unable to verify timestamp for win32k.sys
  2022. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  2023. Probably caused by : hardware_disk
  2024. Followup: MachineOwner
  2025.  
  2026. UNEXPECTED_STORE_EXCEPTION (154)
  2027. The store component caught an unexpected exception.
  2028.  
  2029. Arguments:
  2030. Arg1: ffffe38f60d57000, Pointer to the store context or data manager
  2031. Arg2: ffffcc087b4b5f60, Exception information
  2032. Arg3: 0000000000000002, Reserved
  2033. Arg4: 0000000000000000, Reserved
  2034.  
  2035. Debugging Details:
  2036. DUMP_CLASS: 1
  2037. DUMP_QUALIFIER: 400
  2038. DUMP_TYPE: 2
  2039. EXCEPTION_RECORD: ffffcc087b4b6f08 -- (.exr 0xffffcc087b4b6f08)
  2040. ExceptionAddress: fffff8004add4280 (nt!memcpy+0x0000000000000240)
  2041. ExceptionCode: c0000006 (In-page I/O error)
  2042. ExceptionFlags: 00000000
  2043. NumberParameters: 3
  2044. Parameter[0]: 0000000000000000
  2045. Parameter[1]: 000001cb31fc8ff0
  2046. Parameter[2]: 00000000c0000483
  2047. Inpage operation failed at 000001cb31fc8ff0, due to I/O error 00000000c0000483
  2048. EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
  2049. FAULTING_IP:
  2050. nt!memcpy+240
  2051. fffff800`4add4280 f30f6f4411f0 movdqu xmm0,xmmword ptr [rcx+rdx-10h]
  2052. FOLLOWUP_IP:
  2053. +0
  2054. 000001cb`31fc8ff0 ?? ???
  2055. EXCEPTION_PARAMETER1: 0000000000000000
  2056. EXCEPTION_PARAMETER2: 000001cb31fc8ff0
  2057. CONTEXT: ffffcc087b4b6750 -- (.cxr 0xffffcc087b4b6750)
  2058. rax=ffffa901eba3a000 rbx=0000000000001000 rcx=ffffa901eba3a000
  2059. rdx=000058c94658f000 rsi=0000000000000002 rdi=000001cb31fc8000
  2060. rip=fffff8004add4280 rsp=ffffcc087b4b7148 rbp=ffffa901eba39000
  2061. r8=0000000000000000 r9=0000000000000080 r10=7ffffffffffffffc
  2062. r11=ffffa901eba39000 r12=ffffcc087b4b7378 r13=ffffe38f63e2f000
  2063. r14=ffffe38f60d57050 r15=ffffa901eba39000
  2064. iopl=0 nv up ei pl zr na po nc
  2065. cs=0010 ss=0000 ds=002b es=002b fs=0053 gs=002b efl=00050246
  2066. nt!memcpy+0x240:
  2067. fffff800`4add4280 f30f6f4411f0 movdqu xmm0,xmmword ptr [rcx+rdx-10h] ds:002b:000001cb`31fc8ff0=????????????????????????????????
  2068. Resetting default scope
  2069. CUSTOMER_CRASH_COUNT: 1
  2070. DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
  2071.  
  2072. PROCESS_NAME: MemCompression
  2073.  
  2074. CURRENT_IRQL: 0
  2075. ERROR_CODE: (NTSTATUS) 0xc0000006 - The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
  2076. EXCEPTION_CODE_STR: c0000006
  2077. EXCEPTION_PARAMETER3: 00000000c0000483
  2078. IO_ERROR: (NTSTATUS) 0xc0000483 - The request failed due to a fatal device hardware error.
  2079. EXCEPTION_STR: 0xc0000006_c0000483
  2080. BUGCHECK_STR: 0x154_c0000006_c0000483
  2081. STACK_TEXT:
  2082. ffffcc08`7b4b5ea8 fffff800`4af21aea : 00000000`00000154 ffffe38f`60d57000 ffffcc08`7b4b5f60 00000000`00000002 : nt!KeBugCheckEx
  2083. ffffcc08`7b4b5eb0 fffff800`4addb1de : ffffe38f`60d57000 ffffcc08`7b4b5f60 ffffe38f`00000002 ffffe38f`00000050 : nt!SMKM_STORE<SM_TRAITS>::SmStUnhandledExceptionFilter+0x7e
  2084. ffffcc08`7b4b5f00 fffff800`4ad9c399 : 00000000`00000002 ffffcc08`7b4b73d0 ffffcc08`7b4b1000 ffffcc08`7b4b8000 : nt!`SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue'::`1'::filt$0+0x22
  2085. ffffcc08`7b4b5f30 fffff800`4adca04f : ffffcc08`7b4b73d0 ffffcc08`7b4b6510 00000000`00000000 00000000`0010001f : nt!_C_specific_handler+0xa9
  2086. ffffcc08`7b4b5fa0 fffff800`4acc3375 : 00000000`00000000 00000000`00000000 ffffcc08`7b4b6510 00007fff`ffff0000 : nt!RtlpExecuteHandlerForException+0xf
  2087. ffffcc08`7b4b5fd0 fffff800`4acc790e : ffffcc08`7b4b6f08 ffffcc08`7b4b6c50 ffffcc08`7b4b6f08 000001cb`31fc8000 : nt!RtlDispatchException+0x4a5
  2088. ffffcc08`7b4b6720 fffff800`4add321d : ffffe38f`60d5c600 fffff800`4ac86c8d 00000000`00010000 ffffcc08`7b4b6fb0 : nt!KiDispatchException+0x16e
  2089. ffffcc08`7b4b6dd0 fffff800`4adcf405 : 00000000`00000030 ffff990d`96000000 ffffcc08`7b4b7378 ffffffff`ffffffff : nt!KiExceptionDispatch+0x11d
  2090. ffffcc08`7b4b6fb0 fffff800`4add4280 : fffff800`4ad5ff69 00000000`00000000 fffff800`00000001 00000000`00000000 : nt!KiPageFault+0x445
  2091. ffffcc08`7b4b7148 fffff800`4ad5ff69 : 00000000`00000000 fffff800`00000001 00000000`00000000 ffffe38f`60d58788 : nt!memcpy+0x240
  2092. ffffcc08`7b4b7150 fffff800`4ad5fd64 : 00000000`00000004 ffffcc08`7b4b7360 00000000`00000000 00000000`00000445 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x1e5
  2093. ffffcc08`7b4b7230 fffff800`4ad5fbe2 : 00000000`00000001 00000000`00008000 ffffe38f`00008000 ffffe38f`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  2094. ffffcc08`7b4b7280 fffff800`4ad5fa0b : 00000000`ffffffff ffffe38f`63e2f000 ffffcc08`7b4b7360 ffffe38f`6238b650 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  2095. ffffcc08`7b4b7320 fffff800`4ad5f851 : ffffe38f`63e2f000 00000000`00000000 00000000`00000001 ffffe38f`60d58788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  2096. ffffcc08`7b4b73d0 fffff800`4ad5f761 : ffffe38f`60d57000 ffffe38f`6238b650 ffffe38f`63e2f000 ffffe38f`60d589b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  2097. ffffcc08`7b4b7450 fffff800`4ac69e18 : ffffe38f`622a35c0 ffffe38f`60d57000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  2098. ffffcc08`7b4b7480 fffff800`4ad62cc1 : fffff800`4ad5f740 ffffcc08`7b4b7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  2099. ffffcc08`7b4b74f0 fffff800`4ad4b941 : ffffcc08`7b4b75f0 fffff800`4b18db78 ffffe38f`60d57000 ffffcc08`7b4b7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  2100. ffffcc08`7b4b75c0 fffff800`4ad4b527 : 00000000`0000000c ffffe38f`60d57000 ffffcc08`7b4b7670 ffffe38f`6238b650 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  2101. ffffcc08`7b4b7610 fffff800`4ad61fd3 : 00000000`0000000c ffffe38f`6238b650 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  2102. ffffcc08`7b4b76a0 fffff800`4ad636af : ffffe38f`00000001 ffffe38f`5b7c25a0 00000000`00000000 ffffe38f`60d57000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  2103. ffffcc08`7b4b7710 fffff800`4ac8e05b : ffffe38f`614b4580 00000000`00000001 ffffe38f`614b4640 fffff800`4ac74ee6 : nt!SmPageRead+0x33
  2104. ffffcc08`7b4b7760 fffff800`4ac8d759 : 00000000`00000002 ffffcc08`7b4b77f0 ffffcc08`7b4b7958 ffff8b45`80000630 : nt!MiIssueHardFaultIo+0x117
  2105. ffffcc08`7b4b77b0 fffff800`4ac72f9b : 00000000`c0033333 00000000`00000001 00000000`18dcba5f 00000000`00000000 : nt!MiIssueHardFault+0x489
  2106. ffffcc08`7b4b7860 fffff800`4adcf320 : 00000000`0000031d ffffcc08`7b4b7a80 00000000`1aeff000 ffffcc08`7b4b7a80 : nt!MmAccessFault+0x40b
  2107. ffffcc08`7b4b7a00 00000000`751fe7c1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360
  2108. 00000000`0be3f3f4 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x751fe7c1
  2109. STACK_COMMAND: kb
  2110. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  2111. fffff8004ac4c253-fffff8004ac4c254 2 bytes - nt!MiInsertCachedPte+223
  2112. [ ff f6:7f 8b ]
  2113. fffff8004ad2066c-fffff8004ad2066d 2 bytes - nt!MiZeroLargePage+38 (+0xd4419)
  2114. [ 80 fa:00 f9 ]
  2115. fffff8004ad206c3-fffff8004ad206c4 2 bytes - nt!MiZeroLargePage+8f (+0x57)
  2116. [ 80 fa:00 f9 ]
  2117. fffff8004ad63797-fffff8004ad63798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0x430d4)
  2118. [ 48 ff:4c 8b ]
  2119. fffff8004ad6379e-fffff8004ad637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
  2120. [ 0f 1f 44 00:e8 1d 40 95 ]
  2121. 12 errors : !nt (fffff8004ac4c253-fffff8004ad637a1)
  2122. THREAD_SHA1_HASH_MOD_FUNC: 8b32537f80d6f3fa5b8133f311ec70ca7bdda2c9
  2123. THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 487a91f526f9c98e686dddb00bf72462a2e7f184
  2124. THREAD_SHA1_HASH_MOD: 5434264786d357a84eafd69f2aecb7bcf64dc830
  2125. FOLLOWUP_NAME: MachineOwner
  2126. MODULE_NAME: hardware_disk
  2127.  
  2128. IMAGE_NAME: hardware_disk
  2129.  
  2130. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  2131. FAILURE_BUCKET_ID: 0x154_c0000006_c0000483_IMAGE_hardware_disk
  2132. BUCKET_ID: 0x154_c0000006_c0000483_IMAGE_hardware_disk
  2133. PRIMARY_PROBLEM_CLASS: 0x154_c0000006_c0000483_IMAGE_hardware_disk
  2134. TARGET_TIME: 2020-08-03T15:36:24.000Z
  2135. SUITE_MASK: 272
  2136. PRODUCT_TYPE: 1
  2137. USER_LCID: 0
  2138. FAILURE_ID_HASH_STRING: km:0x154_c0000006_c0000483_image_hardware_disk
  2139. FAILURE_ID_HASH: {d170a5ab-ac8b-0fed-3160-792217daec42}
  2140. Followup: MachineOwner
  2141.  
  2142. ====================== Dump #4: 3RD PARTY DRIVERS ======================
  2143.  
  2144. Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
  2145. May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  2146. Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
  2147. Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
  2148. May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  2149. Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  2150. Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  2151. Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
  2152. Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
  2153. Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
  2154. Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
  2155. Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  2156. Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
  2157. Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
  2158. Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  2159. Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
  2160. Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  2161. Mar 20 2020 - klupd_klif_klark.sys - Kaspersky https://www.kaspersky.com/
  2162. Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  2163. Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  2164. Mar 26 2020 - EasyAntiCheat.sys - EasyAntiCheat is a anti-cheat driver (EasyAntiCheat Oy.) https://support.easyanticheat.net/
  2165. Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
  2166. May 19 2020 - igdkmd64.sys - Intel HD graphics driver
  2167. May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  2168. Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  2169. Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
  2170. Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
  2171. Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
  2172. Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  2173. Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
  2174. Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
  2175. ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
  2176. ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
  2177. ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
  2178.  
  2179. ================== Dump #4: 3RD PARTY DRIVERS (FULL) ===================
  2180.  
  2181. Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
  2182. Image name: klmouflt.sys
  2183. Search : https://www.google.com/search?q=klmouflt.sys
  2184. ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
  2185. Timestamp : Fri Sep 12 1975
  2186.  
  2187. Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
  2188. Image name: klwtp.sys
  2189. Search : https://www.google.com/search?q=klwtp.sys
  2190. ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  2191. Timestamp : Sat May 5 2007
  2192.  
  2193. Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
  2194. Image name: klbackupdisk.sys
  2195. Search : https://www.google.com/search?q=klbackupdisk.sys
  2196. ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
  2197. Timestamp : Sun Apr 13 2008
  2198.  
  2199. Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
  2200. Image name: AsUpIO.sys
  2201. Search : https://www.google.com/search?q=AsUpIO.sys
  2202. ADA Info : ASUS Update Input Output driver http://www.asus.com/
  2203. Timestamp : Mon Aug 2 2010
  2204.  
  2205. Image path: \SystemRoot\System32\drivers\ScpVBus.sys
  2206. Image name: ScpVBus.sys
  2207. Search : https://www.google.com/search?q=ScpVBus.sys
  2208. ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  2209. Timestamp : Sun May 5 2013
  2210.  
  2211. Image path: \SystemRoot\system32\DRIVERS\klim6.sys
  2212. Image name: klim6.sys
  2213. Search : https://www.google.com/search?q=klim6.sys
  2214. ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  2215. Timestamp : Wed Jan 7 2015
  2216.  
  2217. Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
  2218. Image name: SCDEmu.SYS
  2219. Search : https://www.google.com/search?q=SCDEmu.SYS
  2220. ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  2221. Timestamp : Tue Jun 6 2017
  2222.  
  2223. Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
  2224. Image name: YSDrv.sys
  2225. Search : https://www.google.com/search?q=YSDrv.sys
  2226. ADA Info : VirtualBox Support driver
  2227. Timestamp : Wed Oct 11 2017
  2228.  
  2229. Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
  2230. Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  2231. Image name: TeeDriverW8x64.sys
  2232. Search : https://www.google.com/search?q=TeeDriverW8x64.sys
  2233. ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
  2234. Timestamp : Sun Nov 19 2017
  2235. File version: 11.7.0.1057
  2236. Product version: 11.7.0.1057
  2237. File flags: 8 (Mask 3F) Private
  2238. File OS: 40004 NT Win32
  2239. File type: 3.7 Driver
  2240. File date: 00000000.00000000
  2241. CompanyName: Intel Corporation
  2242. ProductName: Intel(R) Management Engine Interface
  2243. InternalName: TeeDriverx64.sys
  2244. OriginalFilename: TeeDriverx64.sys
  2245. ProductVersion: 11.7.0.1057
  2246. FileVersion: 11.7.0.1057
  2247. FileDescription: Intel(R) Management Engine Interface
  2248. LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
  2249.  
  2250. Image path: \SystemRoot\System32\drivers\kltap.sys
  2251. Image name: kltap.sys
  2252. Search : https://www.google.com/search?q=kltap.sys
  2253. ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
  2254. Timestamp : Fri Mar 16 2018
  2255.  
  2256. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  2257. Image name: RTKVHD64.sys
  2258. Search : https://www.google.com/search?q=RTKVHD64.sys
  2259. ADA Info : Realtek Audio System driver https://www.realtek.com/en/
  2260. Timestamp : Tue Nov 13 2018
  2261.  
  2262. Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
  2263. Image name: klupd_klif_kimul.sys
  2264. Search : https://www.google.com/search?q=klupd_klif_kimul.sys
  2265. ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  2266. Timestamp : Tue Jan 22 2019
  2267.  
  2268. Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
  2269. Image name: cm_km.sys
  2270. Search : https://www.google.com/search?q=cm_km.sys
  2271. ADA Info : Kaspersky Cryptographic Module Driver
  2272. Timestamp : Fri Feb 15 2019
  2273.  
  2274. Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
  2275. Image name: klwfp.sys
  2276. Search : https://www.google.com/search?q=klwfp.sys
  2277. ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
  2278. Timestamp : Tue Feb 26 2019
  2279.  
  2280. Image path: \SystemRoot\system32\drivers\womic.sys
  2281. Image name: womic.sys
  2282. Search : https://www.google.com/search?q=womic.sys
  2283. ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  2284. Timestamp : Wed Jul 3 2019
  2285.  
  2286. Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
  2287. Image name: IntcDAud.sys
  2288. Search : https://www.google.com/search?q=IntcDAud.sys
  2289. ADA Info : Intel Display Audio Driver http://www.intel.com/
  2290. Timestamp : Tue Feb 25 2020
  2291.  
  2292. Image path: \SystemRoot\system32\DRIVERS\klif.sys
  2293. Image name: klif.sys
  2294. Search : https://www.google.com/search?q=klif.sys
  2295. ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  2296. Timestamp : Fri Mar 13 2020
  2297.  
  2298. Image path: \SystemRoot\System32\Drivers\klupd_klif_klark.sys
  2299. Image name: klupd_klif_klark.sys
  2300. Search : https://www.google.com/search?q=klupd_klif_klark.sys
  2301. ADA Info : Kaspersky https://www.kaspersky.com/
  2302. Timestamp : Fri Mar 20 2020
  2303.  
  2304. Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
  2305. Image name: klupd_klif_mark.sys
  2306. Search : https://www.google.com/search?q=klupd_klif_mark.sys
  2307. ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  2308. Timestamp : Fri Mar 20 2020
  2309.  
  2310. Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
  2311. Image name: klupd_klif_arkmon.sys
  2312. Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
  2313. ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  2314. Timestamp : Sun Mar 22 2020
  2315.  
  2316. Image path: \??\C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.sys
  2317. Image name: EasyAntiCheat.sys
  2318. Search : https://www.google.com/search?q=EasyAntiCheat.sys
  2319. ADA Info : EasyAntiCheat is a anti-cheat driver (EasyAntiCheat Oy.) https://support.easyanticheat.net/
  2320. Timestamp : Thu Mar 26 2020
  2321.  
  2322. Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
  2323. Image name: tapprotonvpn.sys
  2324. Search : https://www.google.com/search?q=tapprotonvpn.sys
  2325. ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
  2326. Timestamp : Thu Apr 2 2020
  2327.  
  2328. Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
  2329. Image name: igdkmd64.sys
  2330. Search : https://www.google.com/search?q=igdkmd64.sys
  2331. ADA Info : Intel HD graphics driver
  2332. Timestamp : Tue May 19 2020
  2333.  
  2334. Image path: \SystemRoot\System32\drivers\rt640x64.sys
  2335. Image name: rt640x64.sys
  2336. Search : https://www.google.com/search?q=rt640x64.sys
  2337. ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  2338. Timestamp : Tue May 26 2020
  2339.  
  2340. Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
  2341. Image name: klupd_klif_klbg.sys
  2342. Search : https://www.google.com/search?q=klupd_klif_klbg.sys
  2343. ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  2344. Timestamp : Wed Jun 17 2020
  2345.  
  2346. Image path: \SystemRoot\system32\DRIVERS\klgse.sys
  2347. Image name: klgse.sys
  2348. Search : https://www.google.com/search?q=klgse.sys
  2349. ADA Info : Kaspersky Security Extender driver
  2350. Timestamp : Fri Jun 19 2020
  2351.  
  2352. Image path: \SystemRoot\system32\DRIVERS\klhk.sys
  2353. Image name: klhk.sys
  2354. Search : https://www.google.com/search?q=klhk.sys
  2355. ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
  2356. Timestamp : Fri Jun 19 2020
  2357.  
  2358. Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
  2359. Image name: klids.sys
  2360. Search : https://www.google.com/search?q=klids.sys
  2361. ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
  2362. Timestamp : Fri Jul 17 2020
  2363.  
  2364. Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
  2365. Image name: klkbdflt.sys
  2366. Search : https://www.google.com/search?q=klkbdflt.sys
  2367. ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  2368. Timestamp : Tue Nov 16 2021
  2369.  
  2370. Image path: \SystemRoot\system32\DRIVERS\klpd.sys
  2371. Image name: klpd.sys
  2372. Search : https://www.google.com/search?q=klpd.sys
  2373. ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
  2374. Timestamp : Tue Mar 13 2029
  2375.  
  2376. Image path: \SystemRoot\system32\DRIVERS\klflt.sys
  2377. Image name: klflt.sys
  2378. Search : https://www.google.com/search?q=klflt.sys
  2379. ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
  2380. Timestamp : Mon Aug 13 2029
  2381.  
  2382. Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
  2383. Image name: klbackupflt.sys
  2384. Search : https://www.google.com/search?q=klbackupflt.sys
  2385. ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
  2386. Timestamp : ***** Invalid (946E4501)
  2387.  
  2388. Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
  2389. Image name: kldisk.sys
  2390. Search : https://www.google.com/search?q=kldisk.sys
  2391. ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
  2392. Timestamp : ***** Invalid (B1F414C8)
  2393.  
  2394. Image path: \SystemRoot\system32\DRIVERS\kneps.sys
  2395. Image name: kneps.sys
  2396. Search : https://www.google.com/search?q=kneps.sys
  2397. ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
  2398. Timestamp : ***** Invalid (E34C73F4)
  2399.  
  2400. ====================== Dump #4: MICROSOFT DRIVERS ======================
  2401.  
  2402. ACPI.sys ACPI Driver for NT (Microsoft)
  2403. acpiex.sys ACPIEx Driver (Microsoft)
  2404. acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
  2405. afd.sys Ancillary Function Driver for WinSock (Microsoft)
  2406. afunix.sys AF_UNIX Socket Provider driver (Microsoft)
  2407. AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
  2408. ahcache.sys Application Compatibility Cache (Microsoft)
  2409. bam.sys BAM Kernal driver (Microsoft)
  2410. BasicDisplay.sys Basic Display driver (Microsoft)
  2411. BasicRender.sys Basic Render driver (Microsoft)
  2412. Beep.SYS BEEP driver (Microsoft)
  2413. BOOTVID.dll VGA Boot Driver (Microsoft)
  2414. bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
  2415. cdd.dll Canonical Display Driver (Microsoft)
  2416. cdrom.sys SCSI CD-ROM Driver (Microsoft)
  2417. CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
  2418. CI.dll Code Integrity Module (Microsoft)
  2419. CLASSPNP.SYS SCSI Class System Dll (Microsoft)
  2420. cldflt.sys Cloud Files Mini Filter driver (Microsoft)
  2421. CLFS.SYS Common Log File System Driver (Microsoft)
  2422. clipsp.sys CLIP Service (Microsoft)
  2423. cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
  2424. cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
  2425. CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
  2426. condrv.sys Console Driver (Microsoft)
  2427. crashdmp.sys Crash Dump driver (Microsoft)
  2428. csc.sys Windows Client Side Caching driver (Microsoft)
  2429. dfsc.sys DFS Namespace Client Driver (Microsoft)
  2430. disk.sys PnP Disk Driver (Microsoft)
  2431. drmk.sys Digital Rights Management (DRM) driver (Microsoft)
  2432. dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  2433. dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  2434. dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  2435. dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
  2436. dxgmms2.sys DirectX Graphics MMS
  2437. EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
  2438. fastfat.SYS Fast FAT File System Driver (Microsoft)
  2439. filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
  2440. fileinfo.sys FileInfo Filter Driver (Microsoft)
  2441. FLTMGR.SYS Filesystem Filter Manager (Microsoft)
  2442. Fs_Rec.sys File System Recognizer Driver (Microsoft)
  2443. fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
  2444. fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
  2445. gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
  2446. hal.dll Hardware Abstraction Layer DLL (Microsoft)
  2447. HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
  2448. HIDCLASS.SYS Hid Class Library (Microsoft)
  2449. HIDPARSE.SYS Hid Parsing Library (Microsoft)
  2450. hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
  2451. HTTP.sys HTTP Protocol Stack (Microsoft)
  2452. intelpep.sys Intel Power Engine Plugin (Microsoft)
  2453. intelppm.sys Processor Device Driver (Microsoft)
  2454. iorate.sys I/O rate control Filter (Microsoft)
  2455. kbdclass.sys Keyboard Class Driver (Microsoft)
  2456. kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
  2457. kd.dll Local Kernal Debugger (Microsoft)
  2458. kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
  2459. ks.sys Kernal CSA Library (Microsoft)
  2460. ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
  2461. ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
  2462. ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
  2463. lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
  2464. luafv.sys LUA File Virtualization Filter Driver (Microsoft)
  2465. mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
  2466. mmcss.sys MMCSS Driver (Microsoft)
  2467. monitor.sys Monitor Driver (Microsoft)
  2468. mouclass.sys Mouse Class Driver (Microsoft)
  2469. mouhid.sys HID Mouse Filter Driver (Microsoft)
  2470. mountmgr.sys Mount Point Manager (Microsoft)
  2471. mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
  2472. mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
  2473. mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
  2474. Msfs.SYS Mailslot driver (Microsoft)
  2475. msisadrv.sys ISA Driver (Microsoft)
  2476. mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
  2477. msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
  2478. mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
  2479. mssmbios.sys System Management BIOS driver (Microsoft)
  2480. mup.sys Multiple UNC Provider driver (Microsoft)
  2481. ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
  2482. ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
  2483. ndisuio.sys NDIS User mode I/O driver (Microsoft)
  2484. NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
  2485. ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
  2486. NDProxy.sys NDIS Proxy driver (Microsoft)
  2487. Ndu.sys Network Data Usage Monitoring driver (Microsoft)
  2488. netbios.sys NetBIOS Interface driver (Microsoft)
  2489. netbt.sys MBT Transport driver (Microsoft)
  2490. NETIO.SYS Network I/O Subsystem (Microsoft)
  2491. Npfs.SYS NPFS driver (Microsoft)
  2492. npsvctrig.sys Named pipe service triggers (Microsoft)
  2493. nsiproxy.sys NSI Proxy driver (Microsoft)
  2494. Ntfs.sys NT File System Driver (Microsoft)
  2495. ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
  2496. ntosext.sys NTOS Extension Host driver (Microsoft)
  2497. Null.SYS NULL Driver (Microsoft)
  2498. nwifi.sys NativeWiFi Miniport Driver (Microsoft)
  2499. pacer.sys QoS Packet Scheduler (Microsoft)
  2500. parport.sys Parallel Port Driver (Microsoft)
  2501. partmgr.sys Partition driver (Microsoft)
  2502. pci.sys NT Plug and Play PCI Enumerator (Microsoft)
  2503. pcw.sys Performance Counter Driver (Microsoft)
  2504. pdc.sys Power Dependency Coordinator Driver (Microsoft)
  2505. peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
  2506. portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
  2507. PSHED.dll Platform Specific Hardware Error driver (Microsoft)
  2508. qwavedrv.sys Quality Windows Audio Video Experience (qWave) Support driver (Microsoft)
  2509. rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
  2510. raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
  2511. raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
  2512. rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
  2513. rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
  2514. rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
  2515. rdyboost.sys ReadyBoost Driver (Microsoft)
  2516. rspndr.sys Link-Layer Topology Responder driver (Microsoft)
  2517. serenum.sys Serial Port Enumerator (Microsoft)
  2518. serial.sys Serial Device Driver
  2519. SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
  2520. SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
  2521. spaceport.sys Storage Spaces driver (Microsoft)
  2522. srv2.sys Smb 2.0 Server driver (Microsoft)
  2523. srvnet.sys Server Network driver (Microsoft)
  2524. storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
  2525. storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
  2526. storqosflt.sys Storage QoS Filter driver (Microsoft)
  2527. swenum.sys Plug and Play Software Device Enumerator (Microsoft)
  2528. tbs.sys Export driver for kernel mode TPM API (Microsoft)
  2529. tcpip.sys TCP/IP Protocol driver (Microsoft)
  2530. tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
  2531. TDI.SYS TDI Wrapper driver (Microsoft)
  2532. tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
  2533. tm.sys Kernel Transaction Manager driver (Microsoft)
  2534. ucx01000.sys USB Controller Extension (Microsoft)
  2535. UEFI.sys UEFI NT driver (Microsoft)
  2536. umbus.sys User-Mode Bus Enumerator (Microsoft)
  2537. usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
  2538. USBD.SYS Universal Serial Bus Driver (Microsoft)
  2539. UsbHub3.sys USB3 HUB driver (Microsoft)
  2540. USBXHCI.SYS USB XHCI driver (Microsoft)
  2541. vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
  2542. Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
  2543. volmgr.sys Volume Manager Driver (Microsoft)
  2544. volmgrx.sys Volume Manager Extension Driver (Microsoft)
  2545. volsnap.sys Volume Shadow Copy driver (Microsoft)
  2546. volume.sys Volume driver (Microsoft)
  2547. vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
  2548. wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
  2549. watchdog.sys Watchdog driver (Microsoft)
  2550. wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
  2551. Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
  2552. WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
  2553. werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
  2554. wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
  2555. win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
  2556. win32kbase.sys Base Win32k Kernel Driver (Microsoft)
  2557. win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
  2558. WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
  2559. WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
  2560. winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
  2561. winquic.sys QUIC Transport Protocol driver (Microsoft)
  2562. wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
  2563. WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
  2564. Wof.sys Windows Overlay Filter (Microsoft)
  2565. WppRecorder.sys WPP Trace Recorder (Microsoft)
  2566.  
  2567. ====================== Dump #4: UNLOADED MODULES =======================
  2568.  
  2569. fffff800`4a070000 fffff800`4a07c000 cpuz149_x64.
  2570. fffff800`55c40000 fffff800`55c79000 klids.sys
  2571. fffff800`558b0000 fffff800`558bf000 dump_storpor
  2572. fffff800`558f0000 fffff800`5591f000 dump_storahc
  2573. fffff800`55940000 fffff800`5595e000 dump_dumpfve
  2574. fffff800`49260000 fffff800`4926b000 klpnpflt.sys
  2575. fffff800`49ff0000 fffff800`49ffb000 klpnpflt.sys
  2576. fffff800`58220000 fffff800`5822b000 klpnpflt.sys
  2577. fffff800`55ce0000 fffff800`55cfe000 dam.sys
  2578. fffff800`4e1b0000 fffff800`4e1be000 klelam.sys
  2579. fffff800`4f1e0000 fffff800`4f1f0000 hwpolicy.sys
  2580.  
  2581. ====================== Dump #4: BIOS INFORMATION =======================
  2582.  
  2583. sysinfo: could not find necessary interfaces.
  2584. sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
  2585.  
  2586. ========================== Dump #4: Extra #1 ===========================
  2587.  
  2588. 1: kd> !verifier
  2589. Verify Flags Level 0x00000000
  2590. STANDARD FLAGS:
  2591. [X] (0x00000000) Automatic Checks
  2592. [ ] (0x00000001) Special pool
  2593. [ ] (0x00000002) Force IRQL checking
  2594. [ ] (0x00000008) Pool tracking
  2595. [ ] (0x00000010) I/O verification
  2596. [ ] (0x00000020) Deadlock detection
  2597. [ ] (0x00000080) DMA checking
  2598. [ ] (0x00000100) Security checks
  2599. [ ] (0x00000800) Miscellaneous checks
  2600. [ ] (0x00020000) DDI compliance checking
  2601. ADDITIONAL FLAGS:
  2602. [ ] (0x00000004) Randomized low resources simulation
  2603. [ ] (0x00000200) Force pending I/O requests
  2604. [ ] (0x00000400) IRP logging
  2605. [ ] (0x00002000) Invariant MDL checking for stack
  2606. [ ] (0x00004000) Invariant MDL checking for driver
  2607. [ ] (0x00008000) Power framework delay fuzzing
  2608. [ ] (0x00010000) Port/miniport interface checking
  2609. [ ] (0x00040000) Systematic low resources simulation
  2610. [ ] (0x00080000) DDI compliance checking (additional)
  2611. [ ] (0x00200000) NDIS/WIFI verification
  2612. [ ] (0x00800000) Kernel synchronization delay fuzzing
  2613. [ ] (0x01000000) VM switch verification
  2614. [ ] (0x02000000) Code integrity checks
  2615. [X] Indicates flag is enabled
  2616. Summary of All Verifier Statistics
  2617. RaiseIrqls 0x0
  2618. AcquireSpinLocks 0x0
  2619. Synch Executions 0x0
  2620. Trims 0x0
  2621. Pool Allocations Attempted 0x0
  2622. Pool Allocations Succeeded 0x0
  2623. Pool Allocations Succeeded SpecialPool 0x0
  2624. Pool Allocations With NO TAG 0x0
  2625. Pool Allocations Failed 0x0
  2626. Current paged pool allocations 0x0 for 00000000 bytes
  2627. Peak paged pool allocations 0x0 for 00000000 bytes
  2628. Current nonpaged pool allocations 0x0 for 00000000 bytes
  2629. Peak nonpaged pool allocations 0x0 for 00000000 bytes
  2630.  
  2631. ========================== Dump #4: Extra #2 ===========================
  2632.  
  2633. 1: kd> !thread
  2634. THREAD ffffe38f622a35c0 Cid 104c.24d8 Teb: 000000001aeff000 Win32Thread: 0000000000000000 RUNNING on processor 1
  2635. Impersonation token: ffff990d9d1a6060 (Level Impersonation)
  2636. GetUlongFromAddress: unable to read from fffff8004b02ca14
  2637. Owning Process ffffe38f614b4080 Image: avp.exe
  2638. Attached Process ffffe38f60d5c040 Image: MemCompression
  2639. fffff78000000000: Unable to get shared data
  2640. Wait Start TickCount 1474409
  2641. Context Switch Count 226 IdealProcessor: 3
  2642. ReadMemory error: Cannot get nt!KeMaximumIncrement value.
  2643. UserTime 00:00:00.000
  2644. KernelTime 00:00:00.000
  2645. Win32 Start Address 0x0000000076352450
  2646. Stack Init ffffcc087b4b7b90 Current ffffcc087b4b6860
  2647. Base ffffcc087b4b8000 Limit ffffcc087b4b1000 Call 0000000000000000
  2648. Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
  2649. Child-SP RetAddr : Args to Child : Call Site
  2650. ffffcc08`7b4b5ea8 fffff800`4af21aea : 00000000`00000154 ffffe38f`60d57000 ffffcc08`7b4b5f60 00000000`00000002 : nt!KeBugCheckEx
  2651. ffffcc08`7b4b5eb0 fffff800`4addb1de : ffffe38f`60d57000 ffffcc08`7b4b5f60 ffffe38f`00000002 ffffe38f`00000050 : nt!SMKM_STORE<SM_TRAITS>::SmStUnhandledExceptionFilter+0x7e
  2652. ffffcc08`7b4b5f00 fffff800`4ad9c399 : 00000000`00000002 ffffcc08`7b4b73d0 ffffcc08`7b4b1000 ffffcc08`7b4b8000 : nt!`SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue'::`1'::filt$0+0x22
  2653. ffffcc08`7b4b5f30 fffff800`4adca04f : ffffcc08`7b4b73d0 ffffcc08`7b4b6510 00000000`00000000 00000000`0010001f : nt!_C_specific_handler+0xa9
  2654. ffffcc08`7b4b5fa0 fffff800`4acc3375 : 00000000`00000000 00000000`00000000 ffffcc08`7b4b6510 00007fff`ffff0000 : nt!RtlpExecuteHandlerForException+0xf
  2655. ffffcc08`7b4b5fd0 fffff800`4acc790e : ffffcc08`7b4b6f08 ffffcc08`7b4b6c50 ffffcc08`7b4b6f08 000001cb`31fc8000 : nt!RtlDispatchException+0x4a5
  2656. ffffcc08`7b4b6720 fffff800`4add321d : ffffe38f`60d5c600 fffff800`4ac86c8d 00000000`00010000 ffffcc08`7b4b6fb0 : nt!KiDispatchException+0x16e
  2657. ffffcc08`7b4b6dd0 fffff800`4adcf405 : 00000000`00000030 ffff990d`96000000 ffffcc08`7b4b7378 ffffffff`ffffffff : nt!KiExceptionDispatch+0x11d
  2658. ffffcc08`7b4b6fb0 fffff800`4add4280 : fffff800`4ad5ff69 00000000`00000000 fffff800`00000001 00000000`00000000 : nt!KiPageFault+0x445 (TrapFrame @ ffffcc08`7b4b6fb0)
  2659. ffffcc08`7b4b7148 fffff800`4ad5ff69 : 00000000`00000000 fffff800`00000001 00000000`00000000 ffffe38f`60d58788 : nt!memcpy+0x240
  2660. ffffcc08`7b4b7150 fffff800`4ad5fd64 : 00000000`00000004 ffffcc08`7b4b7360 00000000`00000000 00000000`00000445 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x1e5
  2661. ffffcc08`7b4b7230 fffff800`4ad5fbe2 : 00000000`00000001 00000000`00008000 ffffe38f`00008000 ffffe38f`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  2662. ffffcc08`7b4b7280 fffff800`4ad5fa0b : 00000000`ffffffff ffffe38f`63e2f000 ffffcc08`7b4b7360 ffffe38f`6238b650 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  2663. ffffcc08`7b4b7320 fffff800`4ad5f851 : ffffe38f`63e2f000 00000000`00000000 00000000`00000001 ffffe38f`60d58788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  2664. ffffcc08`7b4b73d0 fffff800`4ad5f761 : ffffe38f`60d57000 ffffe38f`6238b650 ffffe38f`63e2f000 ffffe38f`60d589b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  2665. ffffcc08`7b4b7450 fffff800`4ac69e18 : ffffe38f`622a35c0 ffffe38f`60d57000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  2666. ffffcc08`7b4b7480 fffff800`4ad62cc1 : fffff800`4ad5f740 ffffcc08`7b4b7530 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  2667. ffffcc08`7b4b74f0 fffff800`4ad4b941 : ffffcc08`7b4b75f0 fffff800`4b18db78 ffffe38f`60d57000 ffffcc08`7b4b7740 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  2668. ffffcc08`7b4b75c0 fffff800`4ad4b527 : 00000000`0000000c ffffe38f`60d57000 ffffcc08`7b4b7670 ffffe38f`6238b650 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  2669. ffffcc08`7b4b7610 fffff800`4ad61fd3 : 00000000`0000000c ffffe38f`6238b650 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  2670. ffffcc08`7b4b76a0 fffff800`4ad636af : ffffe38f`00000001 ffffe38f`5b7c25a0 00000000`00000000 ffffe38f`60d57000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  2671. ffffcc08`7b4b7710 fffff800`4ac8e05b : ffffe38f`614b4580 00000000`00000001 ffffe38f`614b4640 fffff800`4ac74ee6 : nt!SmPageRead+0x33
  2672. ffffcc08`7b4b7760 fffff800`4ac8d759 : 00000000`00000002 ffffcc08`7b4b77f0 ffffcc08`7b4b7958 ffff8b45`80000630 : nt!MiIssueHardFaultIo+0x117
  2673. ffffcc08`7b4b77b0 fffff800`4ac72f9b : 00000000`c0033333 00000000`00000001 00000000`18dcba5f 00000000`00000000 : nt!MiIssueHardFault+0x489
  2674. ffffcc08`7b4b7860 fffff800`4adcf320 : 00000000`0000031d ffffcc08`7b4b7a80 00000000`1aeff000 ffffcc08`7b4b7a80 : nt!MmAccessFault+0x40b
  2675. ffffcc08`7b4b7a00 00000000`751fe7c1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x360 (TrapFrame @ ffffcc08`7b4b7a00)
  2676. 00000000`0be3f3f4 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x751fe7c1
  2677.  
  2678.  
  2679. ========================================================================
  2680. ======================= Dump #5: ANALYZE VERBOSE =======================
  2681. ====================== File: 080320-45250-01.dmp =======================
  2682. ========================================================================
  2683.  
  2684. Mini Kernel Dump File: Only registers and stack trace are available
  2685. Windows 10 Kernel Version 18362 MP (4 procs) Free x64
  2686. Kernel base = 0xfffff807`6ca00000 PsLoadedModuleList = 0xfffff807`6ce48210
  2687. Debug session time: Mon Aug 3 11:44:10.097 2020 (UTC - 4:00)
  2688. System Uptime: 0 days 0:06:41.770
  2689.  
  2690. BugCheck 1A, {3f, 7680, 7680, f30b3054}
  2691. *** WARNING: Unable to verify timestamp for win32k.sys
  2692. *** ERROR: Module load completed but symbols could not be loaded for win32k.sys
  2693. Probably caused by : memory_corruption
  2694. Followup: memory_corruption
  2695. *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
  2696.  
  2697. MEMORY_MANAGEMENT (1a)
  2698. # Any other values for parameter 1 must be individually examined.
  2699.  
  2700. Arguments:
  2701. Arg1: 000000000000003f, The subtype of the bugcheck.
  2702. Arg2: 0000000000007680
  2703. Arg3: 0000000000007680
  2704. Arg4: 00000000f30b3054
  2705.  
  2706. Debugging Details:
  2707. DUMP_CLASS: 1
  2708. DUMP_QUALIFIER: 400
  2709. DUMP_TYPE: 2
  2710. ADDITIONAL_DEBUG_TEXT: Memory Manager detected corruption of a pagefile page while performing an in-page operation.
  2711. The data read from storage does not match the original data written.
  2712. This indicates the data was corrupted by the storage stack, or device hardware.
  2713. BUGCHECK_STR: 0x1a_3f
  2714. CUSTOMER_CRASH_COUNT: 1
  2715. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  2716.  
  2717. PROCESS_NAME: MemCompression
  2718.  
  2719. CURRENT_IRQL: 2
  2720. PAGE_HASH_ERRORS_DETECTED: 1
  2721. TRAP_FRAME: ffffd28445e7f460 -- (.trap 0xffffd28445e7f460)
  2722. NOTE: The trap frame does not contain all registers.
  2723. Some register values may be zeroed or incorrect.
  2724. rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000011
  2725. rdx=fffff8076cf8f4b0 rsi=0000000000000000 rdi=0000000000000000
  2726. rip=fffff8076cfcb230 rsp=ffffd28445e7f5f0 rbp=ffffd788896c0080
  2727. r8=ffffd28445e7f5f8 r9=ffff8089848fe390 r10=ffff8089848fe388
  2728. r11=ffff8089848fe380 r12=0000000000000000 r13=0000000000000000
  2729. r14=0000000000000000 r15=0000000000000000
  2730. iopl=0 nv up ei ng nz na po nc
  2731. nt!ObLogSecurityDescriptor+0xa0:
  2732. fffff807`6cfcb230 48395f10 cmp qword ptr [rdi+10h],rbx ds:00000000`00000010=????????????????
  2733. Resetting default scope
  2734. LAST_CONTROL_TRANSFER: from fffff8076cc63d96 to fffff8076cbc1220
  2735. STACK_TEXT:
  2736. ffffd284`45e7e518 fffff807`6cc63d96 : 00000000`0000001a 00000000`0000003f 00000000`00007680 00000000`00007680 : nt!KeBugCheckEx
  2737. ffffd284`45e7e520 fffff807`6ca8df32 : ffffd788`839fe980 ffffffff`ffffffff 00000000`00000000 ffffd788`839fea70 : nt!MiValidatePagefilePageHash+0x10176a
  2738. ffffd284`45e7e600 fffff807`6ca8d47d : 00000000`00000002 ffffd284`00000000 ffffd284`45e7e7b8 fffff807`00000000 : nt!MiWaitForInPageComplete+0x472
  2739. ffffd284`45e7e710 fffff807`6ca72f9b : 00000000`c0033333 00000000`00000000 0000019d`1458eb20 fffff807`6cafb446 : nt!MiIssueHardFault+0x1ad
  2740. ffffd284`45e7e810 fffff807`6cbcf320 : fffff807`6ce6a480 ffffd788`893870c0 ffffd284`45e7edd8 fffff300`00000000 : nt!MmAccessFault+0x40b
  2741. ffffd284`45e7e9b0 fffff807`6cb5e150 : ffff9200`12ff1000 ffffd788`88b54050 fffff807`6ca5cfc0 ffff9200`12ff1000 : nt!KiPageFault+0x360
  2742. ffffd284`45e7eb48 fffff807`6ca5cfc0 : ffff9200`12ff1000 ffff9200`12ff1000 00000000`00000002 0000019d`1458eb20 : nt!RtlDecompressBufferXpressLz+0x50
  2743. ffffd284`45e7eb60 fffff807`6cb5fed9 : 00000000`00000000 0a000000`00000003 00000000`00000000 ffffd788`88b55788 : nt!RtlDecompressBufferEx+0x60
  2744. ffffd284`45e7ebb0 fffff807`6cb5fd64 : 00000000`00000004 ffffd284`45e7edc0 00000000`00000000 00000000`00000015 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
  2745. ffffd284`45e7ec90 fffff807`6cb5fbe2 : 00000000`00000001 00000000`0001eb20 ffffd788`0001eb20 ffffd788`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  2746. ffffd284`45e7ece0 fffff807`6cb5fa0b : ffffd788`ffffffff ffffd788`8b060000 ffffd284`45e7edc0 ffffd788`8c4eba90 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  2747. ffffd284`45e7ed80 fffff807`6cb5f851 : ffffd788`8b060000 00000000`00000000 00000000`00000003 ffffd788`88b55788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  2748. ffffd284`45e7ee30 fffff807`6cb5f761 : ffffd788`88b54000 ffffd788`8c4eba90 ffffd788`8b060000 ffffd788`88b559b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  2749. ffffd284`45e7eeb0 fffff807`6ca69e18 : ffffd788`896c0080 ffffd788`88b54000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  2750. ffffd284`45e7eee0 fffff807`6cb62cc1 : fffff807`6cb5f740 ffffd284`45e7ef90 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  2751. ffffd284`45e7ef50 fffff807`6cb4b941 : ffffd284`45e7f050 fffff807`6cf8db78 ffffd788`88b54000 ffffd284`45e7f1a0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  2752. ffffd284`45e7f020 fffff807`6cb4b527 : 00000000`0000000c ffffd788`88b54000 ffffd284`45e7f0d0 ffffd788`8c4eba90 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  2753. ffffd284`45e7f070 fffff807`6cb61fd3 : 00000000`0000000c ffffd788`8c4eba90 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  2754. ffffd284`45e7f100 fffff807`6cb636af : ffffd788`00000001 ffffd788`860ac800 00000000`00000000 ffffd788`88b54000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  2755. ffffd284`45e7f170 fffff807`6ca8e05b : fffff807`6ce68d00 00000000`00000001 fffff807`6ce68dc0 fffff807`6ca74ee6 : nt!SmPageRead+0x33
  2756. ffffd284`45e7f1c0 fffff807`6ca8d759 : 00000000`00000002 ffffd284`45e7f250 ffffd284`45e7f3b8 fffff379`a0226070 : nt!MiIssueHardFaultIo+0x117
  2757. ffffd284`45e7f210 fffff807`6ca72f9b : 00000000`c0033333 00000000`00000000 ffff8089`81d9ddd0 ffff8089`81d9ddd0 : nt!MiIssueHardFault+0x489
  2758. ffffd284`45e7f2c0 fffff807`6cbcf320 : ffffd284`45e7f7f0 ffffd284`45e7f560 ffff8089`848fe2d0 ffffd284`00000000 : nt!MmAccessFault+0x40b
  2759. ffffd284`45e7f460 fffff807`6cfcb230 : f99e029c`17e6150b ffff8089`00000000 ffffd284`00000001 fffff807`6cf8f4b0 : nt!KiPageFault+0x360
  2760. ffffd284`45e7f5f0 fffff807`6cfca64e : ffffd284`000000bc ffffd284`45e7f6a8 ffffd788`00000010 00000000`000000bc : nt!ObLogSecurityDescriptor+0xa0
  2761. ffffd284`45e7f670 fffff807`6cfcb034 : 00000000`00000000 ffffd284`45e7f7f0 ffff8089`7ea210a0 00000000`00000000 : nt!ObSetSecurityDescriptorInfo+0x8e
  2762. ffffd284`45e7f6e0 fffff807`6cfcc299 : 00000000`00000008 00000000`00000000 ffff8089`7a409350 fffff807`6cfdf847 : nt!SeDefaultObjectMethod+0x104
  2763. ffffd284`45e7f740 fffff807`6cfca969 : ffff8089`7ea210a0 ffff8089`00000004 00000000`00000002 ffff8089`7ea210d0 : nt!ObSetSecurityObjectByPointer+0x89
  2764. ffffd284`45e7f7a0 fffff807`6cfdafd1 : 00000000`00000000 00000000`00000000 ffffd284`45e7f900 00000000`00000000 : nt!SepAppendAceToTokenObjectAcl+0x229
  2765. ffffd284`45e7f870 fffff807`6cfdb1db : ffff8089`85cbb770 00000000`00000002 00000000`00000000 00000000`00000001 : nt!SepAppendAdminAceToTokenAcl+0x15
  2766. ffffd284`45e7f8a0 fffff807`6cbd2b15 : ffffd788`896c0080 00000055`df97d008 00000055`df97d028 00000000`00000000 : nt!NtDuplicateToken+0x1db
  2767. ffffd284`45e7f990 00007ff8`b773c904 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
  2768. 00000055`df97cfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`b773c904
  2769. STACK_COMMAND: kb
  2770. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  2771. fffff8076ca1fd35-fffff8076ca1fd36 2 bytes - nt!MmMapLockedPagesSpecifyCache+e5
  2772. [ 80 f6:00 f3 ]
  2773. fffff8076ca4b209-fffff8076ca4b20a 2 bytes - nt!MmUnlockPages+e9 (+0x2b4d4)
  2774. [ 80 fa:00 c7 ]
  2775. fffff8076ca4bb1f-fffff8076ca4bb20 2 bytes - nt!MmUnmapLockedPages+8f (+0x916)
  2776. [ 80 f6:00 f3 ]
  2777. fffff8076ca4bb7f-fffff8076ca4bb83 5 bytes - nt!MmUnmapLockedPages+ef (+0x60)
  2778. [ d0 be 7d fb f6:60 de bc 79 f3 ]
  2779. fffff8076ca73034-fffff8076ca73038 5 bytes - nt!MmAccessFault+4a4 (+0x274b5)
  2780. [ df be 7d fb f6:6f de bc 79 f3 ]
  2781. fffff8076ca8d4dc-fffff8076ca8d4dd 2 bytes - nt!MiIssueHardFault+20c (+0x1a4a8)
  2782. [ 80 f6:00 f3 ]
  2783. fffff8076ca8fee8-fffff8076ca8feec 5 bytes - nt!MiProbeAndLockPages+98 (+0x2a0c)
  2784. [ d0 be 7d fb f6:60 de bc 79 f3 ]
  2785. fffff8076ca8fefa-fffff8076ca8fefe 5 bytes - nt!MiProbeAndLockPages+aa (+0x12)
  2786. [ d7 be 7d fb f6:67 de bc 79 f3 ]
  2787. fffff8076caef4da-fffff8076caef4db 2 bytes - nt!MmBuildMdlForNonPagedPool+5a (+0x5f5e0)
  2788. [ 80 f6:00 f3 ]
  2789. fffff8076caef528-fffff8076caef529 2 bytes - nt!MmBuildMdlForNonPagedPool+a8 (+0x4e)
  2790. [ 80 fa:00 c7 ]
  2791. fffff8076caef52f-fffff8076caef533 5 bytes - nt!MmBuildMdlForNonPagedPool+af (+0x07)
  2792. [ d0 be 7d fb f6:60 de bc 79 f3 ]
  2793. fffff8076caf50fe-fffff8076caf50ff 2 bytes - nt!MmUnmapIoSpace+7e (+0x5bcf)
  2794. [ 80 f6:00 f3 ]
  2795. fffff8076cafe662-fffff8076cafe663 2 bytes - nt!MmAllocateIndependentPagesEx+aa (+0x9564)
  2796. [ 80 f6:00 f3 ]
  2797. fffff8076cb63797-fffff8076cb63798 2 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+87 (+0x65135)
  2798. [ 48 ff:4c 8b ]
  2799. fffff8076cb6379e-fffff8076cb637a1 4 bytes - nt!SMKM_STORE_MGR<SM_TRAITS>::SmAsyncReadQueueWorker+8e (+0x07)
  2800. [ 0f 1f 44 00:e8 1d 40 95 ]
  2801. fffff8076ccc139f-fffff8076ccc13a0 2 bytes - nt!MiUnmapMdlCommon+8b (+0x15dc01)
  2802. [ 80 f6:00 f3 ]
  2803. fffff8076ccc1d2d-fffff8076ccc1d2e 2 bytes - nt!MmProtectMdlSystemAddress+cd (+0x98e)
  2804. [ 80 f6:00 f3 ]
  2805. 51 errors : !nt (fffff8076ca1fd35-fffff8076ccc1d2e)
  2806. MODULE_NAME: memory_corruption
  2807.  
  2808. IMAGE_NAME: memory_corruption
  2809.  
  2810. FOLLOWUP_NAME: memory_corruption
  2811. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  2812. MEMORY_CORRUPTOR: LARGE
  2813. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  2814. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  2815. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  2816. TARGET_TIME: 2020-08-03T15:44:10.000Z
  2817. SUITE_MASK: 272
  2818. PRODUCT_TYPE: 1
  2819. USER_LCID: 0
  2820. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  2821. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  2822. Followup: memory_corruption
  2823. *** Memory manager detected 1 instance(s) of corrupted pagefilepage(s) while performing in-page operations.
  2824.  
  2825. ====================== Dump #5: 3RD PARTY DRIVERS ======================
  2826.  
  2827. Sep 12 1975 - klmouflt.sys - Kaspersky Mouse Device Filter https://www.kaspersky.com/
  2828. May 05 2007 - klwtp.sys - Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  2829. Apr 13 2008 - klbackupdisk.sys - Kaspersky Backup Disk Filter https://www.kaspersky.com/
  2830. Aug 02 2010 - AsUpIO.sys - ASUS Update Input Output driver http://www.asus.com/
  2831. May 05 2013 - ScpVBus.sys - Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  2832. Jan 07 2015 - klim6.sys - Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  2833. Jun 06 2017 - SCDEmu.SYS - PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  2834. Oct 11 2017 - YSDrv.sys - VirtualBox Support driver
  2835. Nov 19 2017 - TeeDriverW8x64.sys - Intel Management Engine Interface driver https://downloadcenter.intel.com/
  2836. Mar 16 2018 - kltap.sys - TAP - Windows Virtual Network driver - The OpenVPN Project
  2837. Nov 13 2018 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
  2838. Jan 22 2019 - klupd_klif_kimul.sys - Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  2839. Feb 15 2019 - cm_km.sys - Kaspersky Cryptographic Module Driver
  2840. Feb 26 2019 - klwfp.sys - Kaspersky Network filtering component https://www.kaspersky.com/
  2841. Jul 03 2019 - womic.sys - Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  2842. Feb 25 2020 - IntcDAud.sys - Intel Display Audio Driver http://www.intel.com/
  2843. Mar 13 2020 - klif.sys - Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  2844. Mar 20 2020 - klupd_klif_mark.sys - Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  2845. Mar 22 2020 - klupd_klif_arkmon.sys - Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  2846. Apr 02 2020 - tapprotonvpn.sys - Proton TAP VPN driver http://www.protonvpn.com/
  2847. May 19 2020 - igdkmd64.sys - Intel HD graphics driver
  2848. May 26 2020 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  2849. Jun 17 2020 - klupd_klif_klbg.sys - Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  2850. Jun 19 2020 - klgse.sys - Kaspersky Security Extender driver
  2851. Jun 19 2020 - klhk.sys - Kaspersky Lab service driver https://www.kaspersky.com/
  2852. Jul 17 2020 - klids.sys - Kaspersky Lab IDS Engine https://www.kaspersky.com/
  2853. Nov 16 2021 - klkbdflt.sys - Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  2854. Mar 13 2029 - klpd.sys - Kaspersky Format Recognizer https://www.kaspersky.com/
  2855. Aug 13 2029 - klflt.sys - Kaspersky Filter Core https://www.kaspersky.com/
  2856. ***** Invalid (946E4501) - klbackupflt.sys - Kaspersky Backup File Filter https://www.kaspersky.com/
  2857. ***** Invalid (B1F414C8) - kldisk.sys - Kaspersky Virtual Disk driver https://www.kaspersky.com/
  2858. ***** Invalid (E34C73F4) - kneps.sys - Kaspersky KNEPS Power https://www.kaspersky.com/
  2859.  
  2860. ================== Dump #5: 3RD PARTY DRIVERS (FULL) ===================
  2861.  
  2862. Image path: \SystemRoot\system32\DRIVERS\klmouflt.sys
  2863. Image name: klmouflt.sys
  2864. Search : https://www.google.com/search?q=klmouflt.sys
  2865. ADA Info : Kaspersky Mouse Device Filter https://www.kaspersky.com/
  2866. Timestamp : Fri Sep 12 1975
  2867.  
  2868. Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
  2869. Image name: klwtp.sys
  2870. Search : https://www.google.com/search?q=klwtp.sys
  2871. ADA Info : Kaspersky WFP Network Connection Filter Driver https://www.kaspersky.com/
  2872. Timestamp : Sat May 5 2007
  2873.  
  2874. Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
  2875. Image name: klbackupdisk.sys
  2876. Search : https://www.google.com/search?q=klbackupdisk.sys
  2877. ADA Info : Kaspersky Backup Disk Filter https://www.kaspersky.com/
  2878. Timestamp : Sun Apr 13 2008
  2879.  
  2880. Image path: \SystemRoot\SysWow64\drivers\AsUpIO.sys
  2881. Image name: AsUpIO.sys
  2882. Search : https://www.google.com/search?q=AsUpIO.sys
  2883. ADA Info : ASUS Update Input Output driver http://www.asus.com/
  2884. Timestamp : Mon Aug 2 2010
  2885.  
  2886. Image path: \SystemRoot\System32\drivers\ScpVBus.sys
  2887. Image name: ScpVBus.sys
  2888. Search : https://www.google.com/search?q=ScpVBus.sys
  2889. ADA Info : Scarlet.Crush Productions Scp Dual Shock 3 Virtual Bus driver http://forums.pcsx2.net/
  2890. Timestamp : Sun May 5 2013
  2891.  
  2892. Image path: \SystemRoot\system32\DRIVERS\klim6.sys
  2893. Image name: klim6.sys
  2894. Search : https://www.google.com/search?q=klim6.sys
  2895. ADA Info : Kaspersky Lab Intermediate Network Driver https://www.kaspersky.com/
  2896. Timestamp : Wed Jan 7 2015
  2897.  
  2898. Image path: \SystemRoot\System32\Drivers\SCDEmu.SYS
  2899. Image name: SCDEmu.SYS
  2900. Search : https://www.google.com/search?q=SCDEmu.SYS
  2901. ADA Info : PowerISO Virtual driver (PowerISO Computing) https://www.poweriso.com/
  2902. Timestamp : Tue Jun 6 2017
  2903.  
  2904. Image path: \??\C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys
  2905. Image name: YSDrv.sys
  2906. Search : https://www.google.com/search?q=YSDrv.sys
  2907. ADA Info : VirtualBox Support driver
  2908. Timestamp : Wed Oct 11 2017
  2909.  
  2910. Mapped memory image file: C:\ProgramData\dbg\sym\TeeDriverW8x64.sys\5A116D8F34000\TeeDriverW8x64.sys
  2911. Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
  2912. Image name: TeeDriverW8x64.sys
  2913. Search : https://www.google.com/search?q=TeeDriverW8x64.sys
  2914. ADA Info : Intel Management Engine Interface driver https://downloadcenter.intel.com/
  2915. Timestamp : Sun Nov 19 2017
  2916. File version: 11.7.0.1057
  2917. Product version: 11.7.0.1057
  2918. File flags: 8 (Mask 3F) Private
  2919. File OS: 40004 NT Win32
  2920. File type: 3.7 Driver
  2921. File date: 00000000.00000000
  2922. CompanyName: Intel Corporation
  2923. ProductName: Intel(R) Management Engine Interface
  2924. InternalName: TeeDriverx64.sys
  2925. OriginalFilename: TeeDriverx64.sys
  2926. ProductVersion: 11.7.0.1057
  2927. FileVersion: 11.7.0.1057
  2928. FileDescription: Intel(R) Management Engine Interface
  2929. LegalCopyright: Copyright © 2006-2015, Intel Corporation. All rights reserved.
  2930.  
  2931. Image path: \SystemRoot\System32\drivers\kltap.sys
  2932. Image name: kltap.sys
  2933. Search : https://www.google.com/search?q=kltap.sys
  2934. ADA Info : TAP - Windows Virtual Network driver - The OpenVPN Project
  2935. Timestamp : Fri Mar 16 2018
  2936.  
  2937. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  2938. Image name: RTKVHD64.sys
  2939. Search : https://www.google.com/search?q=RTKVHD64.sys
  2940. ADA Info : Realtek Audio System driver https://www.realtek.com/en/
  2941. Timestamp : Tue Nov 13 2018
  2942.  
  2943. Image path: \SystemRoot\System32\Drivers\klupd_klif_kimul.sys
  2944. Image name: klupd_klif_kimul.sys
  2945. Search : https://www.google.com/search?q=klupd_klif_kimul.sys
  2946. ADA Info : Kaspersky Kernel Heuristics Engine https://www.kaspersky.com/
  2947. Timestamp : Tue Jan 22 2019
  2948.  
  2949. Image path: \SystemRoot\system32\DRIVERS\cm_km.sys
  2950. Image name: cm_km.sys
  2951. Search : https://www.google.com/search?q=cm_km.sys
  2952. ADA Info : Kaspersky Cryptographic Module Driver
  2953. Timestamp : Fri Feb 15 2019
  2954.  
  2955. Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
  2956. Image name: klwfp.sys
  2957. Search : https://www.google.com/search?q=klwfp.sys
  2958. ADA Info : Kaspersky Network filtering component https://www.kaspersky.com/
  2959. Timestamp : Tue Feb 26 2019
  2960.  
  2961. Image path: \SystemRoot\system32\drivers\womic.sys
  2962. Image name: womic.sys
  2963. Search : https://www.google.com/search?q=womic.sys
  2964. ADA Info : Wireless Orange Mic driver http://www.wirelessorange.com/womic/ or wolicheng.com
  2965. Timestamp : Wed Jul 3 2019
  2966.  
  2967. Image path: \SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_1b570d7b9a790b1a\IntcDAud.sys
  2968. Image name: IntcDAud.sys
  2969. Search : https://www.google.com/search?q=IntcDAud.sys
  2970. ADA Info : Intel Display Audio Driver http://www.intel.com/
  2971. Timestamp : Tue Feb 25 2020
  2972.  
  2973. Image path: \SystemRoot\system32\DRIVERS\klif.sys
  2974. Image name: klif.sys
  2975. Search : https://www.google.com/search?q=klif.sys
  2976. ADA Info : Kaspersky Lab Intruder Filter driver https://www.kaspersky.com/
  2977. Timestamp : Fri Mar 13 2020
  2978.  
  2979. Image path: \SystemRoot\System32\Drivers\klupd_klif_mark.sys
  2980. Image name: klupd_klif_mark.sys
  2981. Search : https://www.google.com/search?q=klupd_klif_mark.sys
  2982. ADA Info : Kaspersky Lab Anti-Rootkit Engine https://www.kaspersky.com
  2983. Timestamp : Fri Mar 20 2020
  2984.  
  2985. Image path: \SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
  2986. Image name: klupd_klif_arkmon.sys
  2987. Search : https://www.google.com/search?q=klupd_klif_arkmon.sys
  2988. ADA Info : Kaspersky Anti-Virus Anti-Rootkit Monitor https://www.kaspersky.com/
  2989. Timestamp : Sun Mar 22 2020
  2990.  
  2991. Image path: \SystemRoot\System32\drivers\tapprotonvpn.sys
  2992. Image name: tapprotonvpn.sys
  2993. Search : https://www.google.com/search?q=tapprotonvpn.sys
  2994. ADA Info : Proton TAP VPN driver http://www.protonvpn.com/
  2995. Timestamp : Thu Apr 2 2020
  2996.  
  2997. Image path: \SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_29d4e3e2513aa913\igdkmd64.sys
  2998. Image name: igdkmd64.sys
  2999. Search : https://www.google.com/search?q=igdkmd64.sys
  3000. ADA Info : Intel HD graphics driver
  3001. Timestamp : Tue May 19 2020
  3002.  
  3003. Image path: \SystemRoot\System32\drivers\rt640x64.sys
  3004. Image name: rt640x64.sys
  3005. Search : https://www.google.com/search?q=rt640x64.sys
  3006. ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  3007. Timestamp : Tue May 26 2020
  3008.  
  3009. Image path: \SystemRoot\System32\Drivers\klupd_klif_klbg.sys
  3010. Image name: klupd_klif_klbg.sys
  3011. Search : https://www.google.com/search?q=klupd_klif_klbg.sys
  3012. ADA Info : Kaspersky Anti-Virus Lab Boot Guard Driver https://www.kaspersky.com/
  3013. Timestamp : Wed Jun 17 2020
  3014.  
  3015. Image path: \SystemRoot\system32\DRIVERS\klgse.sys
  3016. Image name: klgse.sys
  3017. Search : https://www.google.com/search?q=klgse.sys
  3018. ADA Info : Kaspersky Security Extender driver
  3019. Timestamp : Fri Jun 19 2020
  3020.  
  3021. Image path: \SystemRoot\system32\DRIVERS\klhk.sys
  3022. Image name: klhk.sys
  3023. Search : https://www.google.com/search?q=klhk.sys
  3024. ADA Info : Kaspersky Lab service driver https://www.kaspersky.com/
  3025. Timestamp : Fri Jun 19 2020
  3026.  
  3027. Image path: \??\C:\ProgramData\Kaspersky Lab\AVP20.0\Bases\klids.sys
  3028. Image name: klids.sys
  3029. Search : https://www.google.com/search?q=klids.sys
  3030. ADA Info : Kaspersky Lab IDS Engine https://www.kaspersky.com/
  3031. Timestamp : Fri Jul 17 2020
  3032.  
  3033. Image path: \SystemRoot\system32\DRIVERS\klkbdflt.sys
  3034. Image name: klkbdflt.sys
  3035. Search : https://www.google.com/search?q=klkbdflt.sys
  3036. ADA Info : Kaspersky Keyboard Device Filter https://www.kaspersky.com/
  3037. Timestamp : Tue Nov 16 2021
  3038.  
  3039. Image path: \SystemRoot\system32\DRIVERS\klpd.sys
  3040. Image name: klpd.sys
  3041. Search : https://www.google.com/search?q=klpd.sys
  3042. ADA Info : Kaspersky Format Recognizer https://www.kaspersky.com/
  3043. Timestamp : Tue Mar 13 2029
  3044.  
  3045. Image path: \SystemRoot\system32\DRIVERS\klflt.sys
  3046. Image name: klflt.sys
  3047. Search : https://www.google.com/search?q=klflt.sys
  3048. ADA Info : Kaspersky Filter Core https://www.kaspersky.com/
  3049. Timestamp : Mon Aug 13 2029
  3050.  
  3051. Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
  3052. Image name: klbackupflt.sys
  3053. Search : https://www.google.com/search?q=klbackupflt.sys
  3054. ADA Info : Kaspersky Backup File Filter https://www.kaspersky.com/
  3055. Timestamp : ***** Invalid (946E4501)
  3056.  
  3057. Image path: \SystemRoot\system32\DRIVERS\kldisk.sys
  3058. Image name: kldisk.sys
  3059. Search : https://www.google.com/search?q=kldisk.sys
  3060. ADA Info : Kaspersky Virtual Disk driver https://www.kaspersky.com/
  3061. Timestamp : ***** Invalid (B1F414C8)
  3062.  
  3063. Image path: \SystemRoot\system32\DRIVERS\kneps.sys
  3064. Image name: kneps.sys
  3065. Search : https://www.google.com/search?q=kneps.sys
  3066. ADA Info : Kaspersky KNEPS Power https://www.kaspersky.com/
  3067. Timestamp : ***** Invalid (E34C73F4)
  3068.  
  3069. ====================== Dump #5: MICROSOFT DRIVERS ======================
  3070.  
  3071. ACPI.sys ACPI Driver for NT (Microsoft)
  3072. acpiex.sys ACPIEx Driver (Microsoft)
  3073. acpipagr.sys ACPI Processor Aggregator Device driver (Microsoft)
  3074. afd.sys Ancillary Function Driver for WinSock (Microsoft)
  3075. afunix.sys AF_UNIX Socket Provider driver (Microsoft)
  3076. AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
  3077. ahcache.sys Application Compatibility Cache (Microsoft)
  3078. bam.sys BAM Kernal driver (Microsoft)
  3079. BasicDisplay.sys Basic Display driver (Microsoft)
  3080. BasicRender.sys Basic Render driver (Microsoft)
  3081. Beep.SYS BEEP driver (Microsoft)
  3082. BOOTVID.dll VGA Boot Driver (Microsoft)
  3083. bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
  3084. cdd.dll Canonical Display Driver (Microsoft)
  3085. cdrom.sys SCSI CD-ROM Driver (Microsoft)
  3086. CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
  3087. CI.dll Code Integrity Module (Microsoft)
  3088. CLASSPNP.SYS SCSI Class System Dll (Microsoft)
  3089. cldflt.sys Cloud Files Mini Filter driver (Microsoft)
  3090. CLFS.SYS Common Log File System Driver (Microsoft)
  3091. clipsp.sys CLIP Service (Microsoft)
  3092. cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
  3093. cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
  3094. CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
  3095. condrv.sys Console Driver (Microsoft)
  3096. crashdmp.sys Crash Dump driver (Microsoft)
  3097. csc.sys Windows Client Side Caching driver (Microsoft)
  3098. dfsc.sys DFS Namespace Client Driver (Microsoft)
  3099. disk.sys PnP Disk Driver (Microsoft)
  3100. drmk.sys Digital Rights Management (DRM) driver (Microsoft)
  3101. dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  3102. dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  3103. dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  3104. dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
  3105. dxgmms2.sys DirectX Graphics MMS
  3106. EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
  3107. fastfat.SYS Fast FAT File System Driver (Microsoft)
  3108. filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
  3109. fileinfo.sys FileInfo Filter Driver (Microsoft)
  3110. FLTMGR.SYS Filesystem Filter Manager (Microsoft)
  3111. Fs_Rec.sys File System Recognizer Driver (Microsoft)
  3112. fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
  3113. fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
  3114. gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
  3115. hal.dll Hardware Abstraction Layer DLL (Microsoft)
  3116. HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
  3117. HIDCLASS.SYS Hid Class Library (Microsoft)
  3118. HIDPARSE.SYS Hid Parsing Library (Microsoft)
  3119. hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
  3120. HTTP.sys HTTP Protocol Stack (Microsoft)
  3121. intelpep.sys Intel Power Engine Plugin (Microsoft)
  3122. intelppm.sys Processor Device Driver (Microsoft)
  3123. iorate.sys I/O rate control Filter (Microsoft)
  3124. kbdclass.sys Keyboard Class Driver (Microsoft)
  3125. kbdhid.sys HID Mouse Filter Driver or HID Keyboard Filter Driver (Microsoft)
  3126. kd.dll Local Kernal Debugger (Microsoft)
  3127. kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
  3128. ks.sys Kernal CSA Library (Microsoft)
  3129. ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
  3130. ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
  3131. ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
  3132. lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
  3133. luafv.sys LUA File Virtualization Filter Driver (Microsoft)
  3134. mcupdate_GenuineIntel.dll Intel Microcode Update Library (Microsoft)
  3135. mmcss.sys MMCSS Driver (Microsoft)
  3136. monitor.sys Monitor Driver (Microsoft)
  3137. mouclass.sys Mouse Class Driver (Microsoft)
  3138. mouhid.sys HID Mouse Filter Driver (Microsoft)
  3139. mountmgr.sys Mount Point Manager (Microsoft)
  3140. mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
  3141. mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
  3142. mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
  3143. Msfs.SYS Mailslot driver (Microsoft)
  3144. msisadrv.sys ISA Driver (Microsoft)
  3145. mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
  3146. msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
  3147. mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
  3148. mssmbios.sys System Management BIOS driver (Microsoft)
  3149. mup.sys Multiple UNC Provider driver (Microsoft)
  3150. ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
  3151. ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
  3152. ndisuio.sys NDIS User mode I/O driver (Microsoft)
  3153. NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
  3154. ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
  3155. NDProxy.sys NDIS Proxy driver (Microsoft)
  3156. Ndu.sys Network Data Usage Monitoring driver (Microsoft)
  3157. netbios.sys NetBIOS Interface driver (Microsoft)
  3158. netbt.sys MBT Transport driver (Microsoft)
  3159. NETIO.SYS Network I/O Subsystem (Microsoft)
  3160. Npfs.SYS NPFS driver (Microsoft)
  3161. npsvctrig.sys Named pipe service triggers (Microsoft)
  3162. nsiproxy.sys NSI Proxy driver (Microsoft)
  3163. Ntfs.sys NT File System Driver (Microsoft)
  3164. ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
  3165. ntosext.sys NTOS Extension Host driver (Microsoft)
  3166. Null.SYS NULL Driver (Microsoft)
  3167. nwifi.sys NativeWiFi Miniport Driver (Microsoft)
  3168. pacer.sys QoS Packet Scheduler (Microsoft)
  3169. parport.sys Parallel Port Driver (Microsoft)
  3170. partmgr.sys Partition driver (Microsoft)
  3171. pci.sys NT Plug and Play PCI Enumerator (Microsoft)
  3172. pcw.sys Performance Counter Driver (Microsoft)
  3173. pdc.sys Power Dependency Coordinator Driver (Microsoft)
  3174. peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
  3175. portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
  3176. PSHED.dll Platform Specific Hardware Error driver (Microsoft)
  3177. rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
  3178. raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
  3179. raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
  3180. rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
  3181. rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
  3182. rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
  3183. rdyboost.sys ReadyBoost Driver (Microsoft)
  3184. rspndr.sys Link-Layer Topology Responder driver (Microsoft)
  3185. serenum.sys Serial Port Enumerator (Microsoft)
  3186. serial.sys Serial Device Driver
  3187. SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
  3188. SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
  3189. spaceport.sys Storage Spaces driver (Microsoft)
  3190. srv2.sys Smb 2.0 Server driver (Microsoft)
  3191. srvnet.sys Server Network driver (Microsoft)
  3192. storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
  3193. storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
  3194. storqosflt.sys Storage QoS Filter driver (Microsoft)
  3195. swenum.sys Plug and Play Software Device Enumerator (Microsoft)
  3196. tbs.sys Export driver for kernel mode TPM API (Microsoft)
  3197. tcpip.sys TCP/IP Protocol driver (Microsoft)
  3198. tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
  3199. TDI.SYS TDI Wrapper driver (Microsoft)
  3200. tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
  3201. tm.sys Kernel Transaction Manager driver (Microsoft)
  3202. ucx01000.sys USB Controller Extension (Microsoft)
  3203. UEFI.sys UEFI NT driver (Microsoft)
  3204. umbus.sys User-Mode Bus Enumerator (Microsoft)
  3205. usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
  3206. USBD.SYS Universal Serial Bus Driver (Microsoft)
  3207. UsbHub3.sys USB3 HUB driver (Microsoft)
  3208. USBXHCI.SYS USB XHCI driver (Microsoft)
  3209. vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
  3210. Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
  3211. volmgr.sys Volume Manager Driver (Microsoft)
  3212. volmgrx.sys Volume Manager Extension Driver (Microsoft)
  3213. volsnap.sys Volume Shadow Copy driver (Microsoft)
  3214. volume.sys Volume driver (Microsoft)
  3215. vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
  3216. wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
  3217. watchdog.sys Watchdog driver (Microsoft)
  3218. wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
  3219. Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
  3220. WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
  3221. werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
  3222. wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
  3223. win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
  3224. win32kbase.sys Base Win32k Kernel Driver (Microsoft)
  3225. win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
  3226. WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
  3227. WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
  3228. winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
  3229. winquic.sys QUIC Transport Protocol driver (Microsoft)
  3230. wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
  3231. WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
  3232. Wof.sys Windows Overlay Filter (Microsoft)
  3233. WppRecorder.sys WPP Trace Recorder (Microsoft)
  3234.  
  3235. ====================== Dump #5: UNLOADED MODULES =======================
  3236.  
  3237. fffff807`77450000 fffff807`77489000 klids.sys
  3238. fffff807`76740000 fffff807`7674f000 dump_storpor
  3239. fffff807`76780000 fffff807`767af000 dump_storahc
  3240. fffff807`767d0000 fffff807`767ee000 dump_dumpfve
  3241. fffff807`6b140000 fffff807`6b14b000 klpnpflt.sys
  3242. fffff807`6b0d0000 fffff807`6b0db000 klpnpflt.sys
  3243. fffff807`79b00000 fffff807`79b0b000 klpnpflt.sys
  3244. fffff807`774f0000 fffff807`7750e000 dam.sys
  3245. fffff807`6f9b0000 fffff807`6f9be000 klelam.sys
  3246. fffff807`709e0000 fffff807`709f0000 hwpolicy.sys
  3247.  
  3248. ====================== Dump #5: BIOS INFORMATION =======================
  3249.  
  3250. sysinfo: could not find necessary interfaces.
  3251. sysinfo: note that mssmbios.sys must be loaded (XPSP2+).
  3252.  
  3253. ========================== Dump #5: Extra #1 ===========================
  3254.  
  3255. 0: kd> !verifier
  3256. Verify Flags Level 0x00000000
  3257. STANDARD FLAGS:
  3258. [X] (0x00000000) Automatic Checks
  3259. [ ] (0x00000001) Special pool
  3260. [ ] (0x00000002) Force IRQL checking
  3261. [ ] (0x00000008) Pool tracking
  3262. [ ] (0x00000010) I/O verification
  3263. [ ] (0x00000020) Deadlock detection
  3264. [ ] (0x00000080) DMA checking
  3265. [ ] (0x00000100) Security checks
  3266. [ ] (0x00000800) Miscellaneous checks
  3267. [ ] (0x00020000) DDI compliance checking
  3268. ADDITIONAL FLAGS:
  3269. [ ] (0x00000004) Randomized low resources simulation
  3270. [ ] (0x00000200) Force pending I/O requests
  3271. [ ] (0x00000400) IRP logging
  3272. [ ] (0x00002000) Invariant MDL checking for stack
  3273. [ ] (0x00004000) Invariant MDL checking for driver
  3274. [ ] (0x00008000) Power framework delay fuzzing
  3275. [ ] (0x00010000) Port/miniport interface checking
  3276. [ ] (0x00040000) Systematic low resources simulation
  3277. [ ] (0x00080000) DDI compliance checking (additional)
  3278. [ ] (0x00200000) NDIS/WIFI verification
  3279. [ ] (0x00800000) Kernel synchronization delay fuzzing
  3280. [ ] (0x01000000) VM switch verification
  3281. [ ] (0x02000000) Code integrity checks
  3282. [X] Indicates flag is enabled
  3283. Summary of All Verifier Statistics
  3284. RaiseIrqls 0x0
  3285. AcquireSpinLocks 0x0
  3286. Synch Executions 0x0
  3287. Trims 0x0
  3288. Pool Allocations Attempted 0x0
  3289. Pool Allocations Succeeded 0x0
  3290. Pool Allocations Succeeded SpecialPool 0x0
  3291. Pool Allocations With NO TAG 0x0
  3292. Pool Allocations Failed 0x0
  3293. Current paged pool allocations 0x0 for 00000000 bytes
  3294. Peak paged pool allocations 0x0 for 00000000 bytes
  3295. Current nonpaged pool allocations 0x0 for 00000000 bytes
  3296. Peak nonpaged pool allocations 0x0 for 00000000 bytes
  3297.  
  3298. ========================== Dump #5: Extra #2 ===========================
  3299.  
  3300. 0: kd> !thread
  3301. THREAD ffffd788896c0080 Cid 0df8.216c Teb: 00000055dee5e000 Win32Thread: 0000000000000000 RUNNING on processor 0
  3302. Impersonation token: ffff808985cbb770 (Level Identification)
  3303. GetUlongFromAddress: unable to read from fffff8076ce2ca14
  3304. Owning Process ffffd788893870c0 Image: System Process
  3305. Attached Process ffffd78888b56040 Image: MemCompression
  3306. fffff78000000000: Unable to get shared data
  3307. Wait Start TickCount 25711
  3308. Context Switch Count 1006 IdealProcessor: 3
  3309. ReadMemory error: Cannot get nt!KeMaximumIncrement value.
  3310. UserTime 00:00:00.000
  3311. KernelTime 00:00:00.000
  3312. Win32 Start Address 0x00007ff8b76d3d60
  3313. Stack Init ffffd28445e7fb90 Current ffffd28445e7e260
  3314. Base ffffd28445e80000 Limit ffffd28445e79000 Call 0000000000000000
  3315. Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 2 PagePriority 5
  3316. Child-SP RetAddr : Args to Child : Call Site
  3317. ffffd284`45e7e518 fffff807`6cc63d96 : 00000000`0000001a 00000000`0000003f 00000000`00007680 00000000`00007680 : nt!KeBugCheckEx
  3318. ffffd284`45e7e520 fffff807`6ca8df32 : ffffd788`839fe980 ffffffff`ffffffff 00000000`00000000 ffffd788`839fea70 : nt!MiValidatePagefilePageHash+0x10176a
  3319. ffffd284`45e7e600 fffff807`6ca8d47d : 00000000`00000002 ffffd284`00000000 ffffd284`45e7e7b8 fffff807`00000000 : nt!MiWaitForInPageComplete+0x472
  3320. ffffd284`45e7e710 fffff807`6ca72f9b : 00000000`c0033333 00000000`00000000 0000019d`1458eb20 fffff807`6cafb446 : nt!MiIssueHardFault+0x1ad
  3321. ffffd284`45e7e810 fffff807`6cbcf320 : fffff807`6ce6a480 ffffd788`893870c0 ffffd284`45e7edd8 fffff300`00000000 : nt!MmAccessFault+0x40b
  3322. ffffd284`45e7e9b0 fffff807`6cb5e150 : ffff9200`12ff1000 ffffd788`88b54050 fffff807`6ca5cfc0 ffff9200`12ff1000 : nt!KiPageFault+0x360 (TrapFrame @ ffffd284`45e7e9b0)
  3323. ffffd284`45e7eb48 fffff807`6ca5cfc0 : ffff9200`12ff1000 ffff9200`12ff1000 00000000`00000002 0000019d`1458eb20 : nt!RtlDecompressBufferXpressLz+0x50
  3324. ffffd284`45e7eb60 fffff807`6cb5fed9 : 00000000`00000000 0a000000`00000003 00000000`00000000 ffffd788`88b55788 : nt!RtlDecompressBufferEx+0x60
  3325. ffffd284`45e7ebb0 fffff807`6cb5fd64 : 00000000`00000004 ffffd284`45e7edc0 00000000`00000000 00000000`00000015 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageCopy+0x155
  3326. ffffd284`45e7ec90 fffff807`6cb5fbe2 : 00000000`00000001 00000000`0001eb20 ffffd788`0001eb20 ffffd788`00001000 : nt!ST_STORE<SM_TRAITS>::StDmSinglePageTransfer+0xa0
  3327. ffffd284`45e7ece0 fffff807`6cb5fa0b : ffffd788`ffffffff ffffd788`8b060000 ffffd284`45e7edc0 ffffd788`8c4eba90 : nt!ST_STORE<SM_TRAITS>::StDmpSinglePageRetrieve+0x186
  3328. ffffd284`45e7ed80 fffff807`6cb5f851 : ffffd788`8b060000 00000000`00000000 00000000`00000003 ffffd788`88b55788 : nt!ST_STORE<SM_TRAITS>::StDmPageRetrieve+0xcb
  3329. ffffd284`45e7ee30 fffff807`6cb5f761 : ffffd788`88b54000 ffffd788`8c4eba90 ffffd788`8b060000 ffffd788`88b559b0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadIssue+0x85
  3330. ffffd284`45e7eeb0 fffff807`6ca69e18 : ffffd788`896c0080 ffffd788`88b54000 00000000`00000000 00000000`00000000 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectReadCallout+0x21
  3331. ffffd284`45e7eee0 fffff807`6cb62cc1 : fffff807`6cb5f740 ffffd284`45e7ef90 00000000`00000003 00000000`00000000 : nt!KeExpandKernelStackAndCalloutInternal+0x78
  3332. ffffd284`45e7ef50 fffff807`6cb4b941 : ffffd284`45e7f050 fffff807`6cf8db78 ffffd788`88b54000 ffffd284`45e7f1a0 : nt!SMKM_STORE<SM_TRAITS>::SmStDirectRead+0xcd
  3333. ffffd284`45e7f020 fffff807`6cb4b527 : 00000000`0000000c ffffd788`88b54000 ffffd284`45e7f0d0 ffffd788`8c4eba90 : nt!SMKM_STORE<SM_TRAITS>::SmStWorkItemQueue+0x1a5
  3334. ffffd284`45e7f070 fffff807`6cb61fd3 : 00000000`0000000c ffffd788`8c4eba90 00000000`00000001 00000000`00000001 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmIoCtxQueueWork+0xbf
  3335. ffffd284`45e7f100 fffff807`6cb636af : ffffd788`00000001 ffffd788`860ac800 00000000`00000000 ffffd788`88b54000 : nt!SMKM_STORE_MGR<SM_TRAITS>::SmPageRead+0x167
  3336. ffffd284`45e7f170 fffff807`6ca8e05b : fffff807`6ce68d00 00000000`00000001 fffff807`6ce68dc0 fffff807`6ca74ee6 : nt!SmPageRead+0x33
  3337. ffffd284`45e7f1c0 fffff807`6ca8d759 : 00000000`00000002 ffffd284`45e7f250 ffffd284`45e7f3b8 fffff379`a0226070 : nt!MiIssueHardFaultIo+0x117
  3338. ffffd284`45e7f210 fffff807`6ca72f9b : 00000000`c0033333 00000000`00000000 ffff8089`81d9ddd0 ffff8089`81d9ddd0 : nt!MiIssueHardFault+0x489
  3339. ffffd284`45e7f2c0 fffff807`6cbcf320 : ffffd284`45e7f7f0 ffffd284`45e7f560 ffff8089`848fe2d0 ffffd284`00000000 : nt!MmAccessFault+0x40b
  3340. ffffd284`45e7f460 fffff807`6cfcb230 : f99e029c`17e6150b ffff8089`00000000 ffffd284`00000001 fffff807`6cf8f4b0 : nt!KiPageFault+0x360 (TrapFrame @ ffffd284`45e7f460)
  3341. ffffd284`45e7f5f0 fffff807`6cfca64e : ffffd284`000000bc ffffd284`45e7f6a8 ffffd788`00000010 00000000`000000bc : nt!ObLogSecurityDescriptor+0xa0
  3342. ffffd284`45e7f670 fffff807`6cfcb034 : 00000000`00000000 ffffd284`45e7f7f0 ffff8089`7ea210a0 00000000`00000000 : nt!ObSetSecurityDescriptorInfo+0x8e
  3343. ffffd284`45e7f6e0 fffff807`6cfcc299 : 00000000`00000008 00000000`00000000 ffff8089`7a409350 fffff807`6cfdf847 : nt!SeDefaultObjectMethod+0x104
  3344. ffffd284`45e7f740 fffff807`6cfca969 : ffff8089`7ea210a0 ffff8089`00000004 00000000`00000002 ffff8089`7ea210d0 : nt!ObSetSecurityObjectByPointer+0x89
  3345. ffffd284`45e7f7a0 fffff807`6cfdafd1 : 00000000`00000000 00000000`00000000 ffffd284`45e7f900 00000000`00000000 : nt!SepAppendAceToTokenObjectAcl+0x229
  3346. ffffd284`45e7f870 fffff807`6cfdb1db : ffff8089`85cbb770 00000000`00000002 00000000`00000000 00000000`00000001 : nt!SepAppendAdminAceToTokenAcl+0x15
  3347. ffffd284`45e7f8a0 fffff807`6cbd2b15 : ffffd788`896c0080 00000055`df97d008 00000055`df97d028 00000000`00000000 : nt!NtDuplicateToken+0x1db
  3348. ffffd284`45e7f990 00007ff8`b773c904 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ ffffd284`45e7fa00)
  3349. 00000055`df97cfe8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ff8`b773c904
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!