Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ========================== AUTO DUMP ANALYZER ==========================
- Auto Dump Analyzer
- Version: 0.91
- Time to analyze file(s): 00 hours and 05 minutes and 22 seconds
- ================================ SYSTEM ================================
- MANUFACTURER: Acer
- PRODUCT_NAME: Aspire E5-551G
- SKU: [Removed]
- VERSION: V1.15
- ================================= BIOS =================================
- VENDOR: Insyde Corp.
- VERSION: V1.15
- DATE: 07/06/2015
- ============================= MOTHERBOARD ==============================
- MANUFACTURER: Acer
- PRODUCT: EA50_KV
- VERSION: V1.15
- ================================= RAM ==================================
- Size Speed Manufacturer Part No.
- -------------- -------------- ------------------- ----------------------
- 0MHz Empty Empty
- 8192MB 1600MHz Kingston ACR16D3LS1KNG/8G
- ================================= CPU ==================================
- Processor Version: AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G
- COUNT: 4
- MHZ: 1896
- VENDOR: AuthenticAMD
- FAMILY: 15
- MODEL: 30
- STEPPING: 1
- ================================== OS ==================================
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 19041.1.amd64fre.vb_release.191206-1406
- BUILD_VERSION: 10.0.19041.388 (WinBuild.160101.0800)
- BUILD: 19041
- SERVICEPACK: 388
- PLATFORM_TYPE: x64
- NAME: Windows 10
- EDITION: Windows 10 WinNt TerminalServer SingleUserTS
- BUILD_TIMESTAMP: unknown_date
- BUILDDATESTAMP: 160101.0800
- BUILDLAB: WinBuild
- BUILDOSVER: 10.0.19041.388
- BUILD_VERSION: 19041.1.amd64fre.vb_release.191206-1406
- SERVICEPACK: 0
- BUILDDATESTAMP: 191206-1406
- BUILDLAB: vb_release
- BUILDOSVER: 10.0.19041.1.amd64fre.vb_release.191206-1406
- =============================== DEBUGGER ===============================
- Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- =============================== COMMENTS ===============================
- * Information gathered from different dump files may be different. If
- Windows updates between two dump files, two or more OS versions may
- be shown above.
- * If the user updates the BIOS between dump files, two or more versions
- and dates may be shown above.
- * More RAM information can be found below in a full BIOS section.
- ========================================================================
- ======================= Dump #1: ANALYZE VERBOSE =======================
- ====================== File: 071620-42718-01.dmp =======================
- ========================================================================
- Mini Kernel Dump File: Only registers and stack trace are available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff806`5b200000 PsLoadedModuleList = 0xfffff806`5be2a310
- Debug session time: Thu Jul 16 13:43:03.464 2020 (UTC - 4:00)
- System Uptime: 0 days 0:01:24.179
- BugCheck 1A, {8887, ffff9a0005dfcd50, ffff9a000bfbb930, 500}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 0000000000008887, The subtype of the bugcheck.
- Arg2: ffff9a0005dfcd50
- Arg3: ffff9a000bfbb930
- Arg4: 0000000000000500
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 400
- DUMP_TYPE: 2
- BUGCHECK_STR: 0x1a_8887
- CUSTOMER_CRASH_COUNT: 1
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: svchost.exe
- CURRENT_IRQL: 2
- STACK_TEXT:
- fffff60f`368fb2a8 fffff806`5b60649b : 00000000`0000001a 00000000`00008887 ffff9a00`05dfcd50 ffff9a00`0bfbb930 : nt!KeBugCheckEx
- fffff60f`368fb2b0 fffff806`5b4e5333 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000004 : nt!MiUnlinkPageFromList+0x1ebb0b
- fffff60f`368fb390 fffff806`5b55e442 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRelinkStandbyPage+0x23
- fffff60f`368fb3c0 fffff806`5b7fe02d : ffffbf03`45449000 00000044`fa4f9e48 00000044`fa4f9e48 00000000`00000000 : nt!MmSetPfnListInfo+0x23a
- fffff60f`368fb4e0 fffff806`5b838476 : 00000000`00000000 0a000001`f426a025 fffff60f`368fb660 ffffbf03`45449000 : nt!PfpPfnPrioRequest+0x27d
- fffff60f`368fb560 fffff806`5b837b0d : fffff60f`00000000 00000000`00000000 00000000`00000000 fffff806`00000001 : nt!PfSetSuperfetchInformation+0x10e
- fffff60f`368fb660 fffff806`5b5ef475 : 00000000`00000000 00000000`00000000 fffff60f`368fbb80 00000000`000007fd : nt!NtSetSystemInformation+0x28d
- fffff60f`368fbb00 00007ff9`3104e2c4 : 00007ff9`254de4be 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
- 00000044`fa4f9d18 00007ff9`254de4be : 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 00000208`90e21db0 : 0x00007ff9`3104e2c4
- 00000044`fa4f9d20 00000207`8fb9c870 : 00007ff9`254de676 00000000`00000000 00000208`90e21db0 00000000`00000000 : 0x00007ff9`254de4be
- 00000044`fa4f9d28 00007ff9`254de676 : 00000000`00000000 00000208`90e21db0 00000000`00000000 00007ff9`254de438 : 0x00000207`8fb9c870
- 00000044`fa4f9d30 00000000`00000000 : 00000208`90e21db0 00000000`00000000 00007ff9`254de438 00000000`00000000 : 0x00007ff9`254de676
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !FLTMGR
- fffff80657cdcd05-fffff80657cdcd06 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+35
- [ 48 ff:4c 8b ]
- fffff80657cdcd0c - FLTMGR!DeleteStreamListCtrlCallback+3c (+0x07)
- [ 0f:e8 ]
- fffff80657cdcd0e-fffff80657cdcd10 3 bytes - FLTMGR!DeleteStreamListCtrlCallback+3e (+0x02)
- [ 44 00 00:5b 83 03 ]
- fffff80657cdcd1a-fffff80657cdcd1b 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+4a (+0x0c)
- [ 48 ff:4c 8b ]
- fffff80657cdcd21-fffff80657cdcd25 5 bytes - FLTMGR!DeleteStreamListCtrlCallback+51 (+0x07)
- [ 0f 1f 44 00 00:e8 fa 63 74 03 ]
- fffff80657cdcd6a-fffff80657cdcd6b 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+9a (+0x49)
- [ 48 ff:4c 8b ]
- fffff80657cdcd71-fffff80657cdcd77 7 bytes - FLTMGR!DeleteStreamListCtrlCallback+a1 (+0x07)
- [ 0f 1f 44 00 00 48 ff:e8 fa 5b 74 03 4c 8b ]
- fffff80657cdcd7d-fffff80657cdcd81 5 bytes - FLTMGR!DeleteStreamListCtrlCallback+ad (+0x0c)
- [ 0f 1f 44 00 00:e8 5e eb 81 03 ]
- 27 errors : !FLTMGR (fffff80657cdcd05-fffff80657cdcd81)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-07-16T17:43:03.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #1: 3RD PARTY DRIVERS ======================
- May 05 2015 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- May 29 2015 - RtsPer.sys - Realtek RTS PCIE Reader driver https://www.realtek.com/en/
- Jun 29 2015 - btfilter.sys - Qualcomm Atheros BT Filter driver https://www.qualcomm.com/
- Jul 07 2015 - AtihdWT6.sys - AMD High Definition Audio Function driver http://support.amd.com/
- Jul 21 2015 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jul 29 2015 - SynRMIHID.sys - Synaptics I2C Driver (Synaptics Incorporated) https://www.symantec.com/
- Jan 28 2016 - athw8x.sys - Atheros Wireless LAN driver (Qualcomm)
- Aug 16 2019 - atikmdag.sys - ATI Radeon Kernel Mode driver
- Aug 16 2019 - atikmpag.sys - ATI video card driver
- Nov 20 2019 - mbamswissarmy.sys - MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
- ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Tue May 5 2015
- Image path: \SystemRoot\system32\DRIVERS\RtsPer.sys
- Image name: RtsPer.sys
- Search : https://www.google.com/search?q=RtsPer.sys
- ADA Info : Realtek RTS PCIE Reader driver https://www.realtek.com/en/
- Timestamp : Fri May 29 2015
- Image path: \SystemRoot\system32\DRIVERS\btfilter.sys
- Image name: btfilter.sys
- Search : https://www.google.com/search?q=btfilter.sys
- ADA Info : Qualcomm Atheros BT Filter driver https://www.qualcomm.com/
- Timestamp : Mon Jun 29 2015
- Image path: \SystemRoot\system32\drivers\AtihdWT6.sys
- Image name: AtihdWT6.sys
- Search : https://www.google.com/search?q=AtihdWT6.sys
- ADA Info : AMD High Definition Audio Function driver http://support.amd.com/
- Timestamp : Tue Jul 7 2015
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Jul 21 2015
- Image path: \SystemRoot\system32\DRIVERS\SynRMIHID.sys
- Image name: SynRMIHID.sys
- Search : https://www.google.com/search?q=SynRMIHID.sys
- ADA Info : Synaptics I2C Driver (Synaptics Incorporated) https://www.symantec.com/
- Timestamp : Wed Jul 29 2015
- Mapped memory image file: C:\ProgramData\dbg\sym\athw8x.sys\56A9E4F6427000\athw8x.sys
- Image path: \SystemRoot\System32\drivers\athw8x.sys
- Image name: athw8x.sys
- Search : https://www.google.com/search?q=athw8x.sys
- ADA Info : Atheros Wireless LAN driver (Qualcomm)
- Timestamp : Thu Jan 28 2016
- File version: 3.0.2.201
- Product version: 3.0.2.201
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.6 Driver
- File date: 00000000.00000000
- CompanyName: Qualcomm Atheros Communications, Inc.
- ProductName: Driver for Qualcomm Atheros CB42/CB43/MB42/MB43 Network Adapter
- InternalName: ATHR.SYS
- OriginalFilename: ATHR.SYS
- ProductVersion: 3.0.2.201
- FileVersion: 3.0.2.201
- FileDescription: Qualcomm Atheros Extensible Wireless LAN device driver
- LegalCopyright: Copyright (C) 2001-2010 Qualcomm Atheros Communications, Inc.
- Image path: \SystemRoot\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atikmdag.sys
- Image name: atikmdag.sys
- Search : https://www.google.com/search?q=atikmdag.sys
- ADA Info : ATI Radeon Kernel Mode driver
- Timestamp : Fri Aug 16 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atikmpag.sys
- Image name: atikmpag.sys
- Search : https://www.google.com/search?q=atikmpag.sys
- ADA Info : ATI video card driver
- Timestamp : Fri Aug 16 2019
- Image path: \SystemRoot\System32\Drivers\mbamswissarmy.sys
- Image name: mbamswissarmy.sys
- Search : https://www.google.com/search?q=mbamswissarmy.sys
- ADA Info : MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
- Timestamp : Wed Nov 20 2019
- ====================== Dump #1: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- amdppm.sys Processor Device Driver
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- BATTC.SYS Battery Class driver (Microsoft)
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- BTHport.sys Bluetooth Bus driver (Microsoft)
- BTHUSB.sys Bluetooth Miniport driver (Microsoft)
- CAD.sys Charge Arbiration driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- CmBatt.sys Control Method Battery driver (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- i8042prt.sys i8042 Keyboard / PS/2 Mouse driver (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- IntelTA.sys Intel Telemetry Driver
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- MpKslDrv.sys Microsoft Anti-malware Protection driver
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msquic.sys Windows QUIC Driver
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- MTConfig.sys Microsoft Multi-Touch HID Driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucx01000.sys USB Controller Extension (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- usbehci.sys EHCI eUSB Miniport Driver (Microsoft)
- usbhub.sys Default Hub Driver for USB (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- usbohci.sys OHCI USB Miniport Driver (Microsoft)
- USBPORT.SYS USB 1.1 & 2.0 Port Driver (Microsoft)
- usbvideo.sys USB Video Class Driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwifibus.sys Virtual Wireless Bus driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- vwifimp.sys Virtual WiFi Miniport Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- ====================== Dump #1: UNLOADED MODULES =======================
- fffff806`5f940000 fffff806`5f951000 MSKSSRV.sys
- fffff806`5fcd0000 fffff806`5fcdf000 dump_storpor
- fffff806`5fd20000 fffff806`5fd53000 dump_storahc
- fffff806`5fd80000 fffff806`5fd9e000 dump_dumpfve
- fffff806`606c0000 fffff806`606cc000 WdmCompanion
- fffff806`5f760000 fffff806`5f77c000 dam.sys
- fffff806`5d800000 fffff806`5d811000 WdBoot.sys
- fffff806`5d7f0000 fffff806`5d7f9000 MbamElam.sys
- fffff806`5e930000 fffff806`5e940000 hwpolicy.sys
- ====================== Dump #1: BIOS INFORMATION =======================
- [SMBIOS Data Tables v2.8]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 1471 bytes]
- [BIOS Information (Type 0) - Length 24 - Handle 0000h]
- Vendor Insyde Corp.
- BIOS Version V1.15
- BIOS Starting Address Segment e000
- BIOS Release Date 07/06/2015
- BIOS ROM Size 800000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 19: - EDD Supported
- 20: - NEC 9800 J-Floppy Supported
- 21: - Toshiba J-Floppy Supported
- 22: - 360KB Floppy Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 27: - Keyboard Services Supported
- 30: - CGA/Mono Services Supported
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 1
- BIOS Minor Revision 15
- EC Firmware Major Revision 1
- EC Firmware Minor Revision 15
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Acer
- Product Name Aspire E5-551G
- Version V1.15
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- SKUNumber Aspire E5-551G_086A_V1.15
- Family KV
- [BaseBoard Information (Type 2) - Length 16 - Handle 0002h]
- Manufacturer Acer
- Product EA50_KV
- Version V1.15
- Feature Flags 09h
- -1923041568: - -1923041520: - «Eºþ
- Location Base Board Chassis Location
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 23 - Handle 0003h]
- Manufacturer Acer
- Chassis Type Notebook
- Version Chassis Version
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 0
- [Processor Information (Type 4) - Length 42 - Handle 0004h]
- Socket Designation Socket FP3
- Processor Type Central Processor
- Processor Family 48h - Specification Reserved
- Processor Manufacturer AMD processor
- Processor ID 010f6300fffb8b17
- Processor Version AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G
- Processor Voltage 8ah - 1.0V
- External Clock 100MHz
- Max Speed 1900MHz
- Current Speed 1900MHz
- Status Enabled Populated
- Processor Upgrade None
- L1 Cache Handle 0005h
- L2 Cache Handle 0006h
- L3 Cache Handle [Not Present]
- Part Number FFFF
- [Cache Information (Type 7) - Length 19 - Handle 0005h]
- Socket Designation L1 Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0100h - 256K
- Installed Size 0100h - 256K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 2-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0006h]
- Socket Designation L2 Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 8040h - 4096K
- Installed Size 8040h - 4096K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Onboard Devices Information (Type 10) - Length 6 - Handle 0007h]
- Number of Devices 1
- 01: Type Video [enabled]
- 01: Description Video Graphics Controller
- [Onboard Devices Information (Type 10) - Length 6 - Handle 0008h]
- Number of Devices 1
- 01: Type Ethernet [enabled]
- 01: Description Realtek Lan Controller
- [OEM Strings (Type 11) - Length 5 - Handle 0009h]
- Number of Strings 5
- 1 Acer System
- 2 String2 for Original Equipment Manufacturer
- 3 String3 for Original Equipment Manufacturer
- 4 String4 for Original Equipment Manufacturer
- 5 String5 for Original Equipment Manufacturer
- [System Configuration Options (Type 12) - Length 5 - Handle 000ah]
- [Physical Memory Array (Type 16) - Length 23 - Handle 000bh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 33554432KB
- Number of Memory Devices 2
- [Memory Device (Type 17) - Length 40 - Handle 000ch]
- Physical Memory Array Handle 000bh
- Total Width 0 bits
- Data Width 0 bits
- Form Factor 00h - Specification Reserved
- Device Locator DIMM 0
- Bank Locator CHANNEL A
- Memory Type 02h - Unknown
- Type Detail 0004h - Unknown
- Speed 0MHz
- Manufacturer Empty
- Part Number Empty
- [Memory Device (Type 17) - Length 40 - Handle 000dh]
- Physical Memory Array Handle 000bh
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 0dh - SODIMM
- Device Locator DIMM 0
- Bank Locator CHANNEL B
- Memory Type 18h - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 1600MHz
- Manufacturer Kingston
- Part Number ACR16D3LS1KNG/8G
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 000eh]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Array Handle 000bh
- Partition Width 255
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 000fh]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Device Handle 000dh
- Mem Array Mapped Adr Handle 000eh
- ========================== Dump #1: Extra #1 ===========================
- 2: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [X] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #1: Extra #2 ===========================
- 2: kd> !thread
- THREAD ffffbf034bf6e080 Cid 08cc.0910 Teb: 00000044fa26c000 Win32Thread: 0000000000000000 RUNNING on processor 2
- Impersonation token: ffffae0386276970 (Level Impersonation)
- GetUlongFromAddress: unable to read from fffff8065be1143c
- Owning Process ffffbf034bf18080 Image: svchost.exe
- Attached Process N/A Image: N/A
- fffff78000000000: Unable to get shared data
- Wait Start TickCount 5387 Ticks: 0
- Context Switch Count 559 IdealProcessor: 2
- ReadMemory error: Cannot get nt!KeMaximumIncrement value.
- UserTime 00:00:00.000
- KernelTime 00:00:00.000
- Win32 Start Address 0x00007ff9307fddf0
- Stack Init fffff60f368fbc90 Current fffff60f368faf00
- Base fffff60f368fc000 Limit fffff60f368f6000 Call 0000000000000000
- Priority 7 BasePriority 7 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- fffff60f`368fb2a8 fffff806`5b60649b : 00000000`0000001a 00000000`00008887 ffff9a00`05dfcd50 ffff9a00`0bfbb930 : nt!KeBugCheckEx
- fffff60f`368fb2b0 fffff806`5b4e5333 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000004 : nt!MiUnlinkPageFromList+0x1ebb0b
- fffff60f`368fb390 fffff806`5b55e442 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRelinkStandbyPage+0x23
- fffff60f`368fb3c0 fffff806`5b7fe02d : ffffbf03`45449000 00000044`fa4f9e48 00000044`fa4f9e48 00000000`00000000 : nt!MmSetPfnListInfo+0x23a
- fffff60f`368fb4e0 fffff806`5b838476 : 00000000`00000000 0a000001`f426a025 fffff60f`368fb660 ffffbf03`45449000 : nt!PfpPfnPrioRequest+0x27d
- fffff60f`368fb560 fffff806`5b837b0d : fffff60f`00000000 00000000`00000000 00000000`00000000 fffff806`00000001 : nt!PfSetSuperfetchInformation+0x10e
- fffff60f`368fb660 fffff806`5b5ef475 : 00000000`00000000 00000000`00000000 fffff60f`368fbb80 00000000`000007fd : nt!NtSetSystemInformation+0x28d
- fffff60f`368fbb00 00007ff9`3104e2c4 : 00007ff9`254de4be 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffff60f`368fbb00)
- 00000044`fa4f9d18 00007ff9`254de4be : 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 00000208`90e21db0 : 0x00007ff9`3104e2c4
- 00000044`fa4f9d20 00000207`8fb9c870 : 00007ff9`254de676 00000000`00000000 00000208`90e21db0 00000000`00000000 : 0x00007ff9`254de4be
- 00000044`fa4f9d28 00007ff9`254de676 : 00000000`00000000 00000208`90e21db0 00000000`00000000 00007ff9`254de438 : 0x00000207`8fb9c870
- 00000044`fa4f9d30 00000000`00000000 : 00000208`90e21db0 00000000`00000000 00007ff9`254de438 00000000`00000000 : 0x00007ff9`254de676
- ========================================================================
- ======================= Dump #2: ANALYZE VERBOSE =======================
- =========================== File: MEMORY.DMP ===========================
- ========================================================================
- Kernel Bitmap Dump File: Full address space is available
- Windows 10 Kernel Version 19041 MP (4 procs) Free x64
- Kernel base = 0xfffff806`5b200000 PsLoadedModuleList = 0xfffff806`5be2a310
- Debug session time: Thu Jul 16 13:43:03.464 2020 (UTC - 4:00)
- System Uptime: 0 days 0:01:24.179
- BugCheck 1A, {8887, ffff9a0005dfcd50, ffff9a000bfbb930, 500}
- Probably caused by : memory_corruption
- Followup: memory_corruption
- MEMORY_MANAGEMENT (1a)
- # Any other values for parameter 1 must be individually examined.
- Arguments:
- Arg1: 0000000000008887, The subtype of the bugcheck.
- Arg2: ffff9a0005dfcd50
- Arg3: ffff9a000bfbb930
- Arg4: 0000000000000500
- Debugging Details:
- DUMP_CLASS: 1
- DUMP_QUALIFIER: 402
- DUMP_TYPE: 0
- BUGCHECK_STR: 0x1a_8887
- DEFAULT_BUCKET_ID: CODE_CORRUPTION
- PROCESS_NAME: svchost.exe
- CURRENT_IRQL: 2
- STACK_TEXT:
- fffff60f`368fb2a8 fffff806`5b60649b : 00000000`0000001a 00000000`00008887 ffff9a00`05dfcd50 ffff9a00`0bfbb930 : nt!KeBugCheckEx
- fffff60f`368fb2b0 fffff806`5b4e5333 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000004 : nt!MiUnlinkPageFromList+0x1ebb0b
- fffff60f`368fb390 fffff806`5b55e442 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRelinkStandbyPage+0x23
- fffff60f`368fb3c0 fffff806`5b7fe02d : ffffbf03`45449000 00000044`fa4f9e48 00000044`fa4f9e48 00000000`00000000 : nt!MmSetPfnListInfo+0x23a
- fffff60f`368fb4e0 fffff806`5b838476 : 00000000`00000000 0a000001`f426a025 fffff60f`368fb660 ffffbf03`45449000 : nt!PfpPfnPrioRequest+0x27d
- fffff60f`368fb560 fffff806`5b837b0d : fffff60f`00000000 00000000`00000000 00000000`00000000 fffff806`00000001 : nt!PfSetSuperfetchInformation+0x10e
- fffff60f`368fb660 fffff806`5b5ef475 : 00000000`00000000 00000000`00000000 fffff60f`368fbb80 00000000`000007fd : nt!NtSetSystemInformation+0x28d
- fffff60f`368fbb00 00007ff9`3104e2c4 : 00007ff9`254de4be 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
- 00000044`fa4f9d18 00007ff9`254de4be : 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 00000208`90e21db0 : ntdll!NtSetSystemInformation+0x14
- 00000044`fa4f9d20 00007ff9`254de438 : 00000000`00000000 00000208`90e21e48 00000208`90e21db0 00000000`00000000 : sysmain!PfsPfnSetRequestIssue+0x1a
- 00000044`fa4f9d50 00007ff9`254de304 : 00000000`00000000 00000044`fa4f9e00 00000208`90e21e40 00000000`00000000 : sysmain!PfsPfnsSetPriorityHelper+0x110
- 00000044`fa4f9da0 00007ff9`254f0d63 : 00000208`90e48ed0 00000208`90e48ed0 00000208`90e46b80 00000000`00000000 : sysmain!PfsPfnsQuerySetPriority+0x1fc
- 00000044`fa4fd040 00007ff9`2552a242 : 00000208`90e46b80 00000000`00000001 00000000`00000003 00000044`fa4fe3e0 : sysmain!PfWsClassicWsMgrBootDeprioProcess+0x49057
- 00000044`fa4fd0c0 00007ff9`2552a7d8 : 00000000`00000003 00000000`e4a9bbbd 00000044`fa4fd220 00000000`00000000 : sysmain!PfWsClassicWsMgrStart+0x3e
- 00000044`fa4fd0f0 00007ff9`254f6a61 : 00000000`00020000 00000000`00000000 00000000`00000000 00000000`00000000 : sysmain!PfWsWsMgrsStart+0x64
- 00000044`fa4fd120 00007ff9`2550b6ce : 00000000`00000000 00000044`fa4ff7e0 ffffffff`ffffffff 00000207`8f214870 : sysmain!PfSvcMainThreadWorker+0xbd1
- 00000044`fa4ff780 00007ff9`254f7fff : 00000044`fa4ff7e0 00000000`00000000 00000000`00000000 00000044`00000004 : sysmain!PfSvcMainThread+0x22
- 00000044`fa4ff7c0 00007ff6`0a154140 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffffff`ffffffff : sysmain!SysMtServiceMain+0x10f
- 00000044`fa4ff800 00007ff9`307fde18 : 00000000`00000000 00000207`8f2172f0 00000207`8f2172f0 00000000`00000000 : svchost!ServiceStarter+0x310
- 00000044`fa4ff930 00007ff9`2f3e6fd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ScSvcctrlThreadA+0x28
- 00000044`fa4ff960 00007ff9`30ffcec1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
- 00000044`fa4ff990 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
- STACK_COMMAND: kb
- CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
- fffff8065b335620-fffff8065b335622 3 bytes - nt!_guard_check_icall_fptr
- [ 00 4f 58:b0 66 5e ]
- fffff8065b335628-fffff8065b33562a 3 bytes - nt!_guard_dispatch_icall_fptr (+0x08)
- [ 30 98 5d:00 67 5e ]
- fffff8065b4082c9 - nt!MiDeleteCachedKernelStack+3d
- [ f6:e4 ]
- fffff8065b408395 - nt!MiDeleteKernelStack+a5 (+0xcc)
- [ f6:e4 ]
- fffff8065b40856b-fffff8065b40856c 2 bytes - nt!MiDeleteKernelStack+27b (+0x1d6)
- [ 80 fa:00 9a ]
- fffff8065b40b2cd - nt!MiUnlockVa+35 (+0x2d62)
- [ f6:e4 ]
- fffff8065b40b379-fffff8065b40b37a 2 bytes - nt!MiUnlockVa+e1 (+0xac)
- [ 80 fa:00 9a ]
- fffff8065b40b43d - nt!MiUnlockWsle+89 (+0xc4)
- [ f6:e4 ]
- fffff8065b40b4a0-fffff8065b40b4a1 2 bytes - nt!MiUnlockWsle+ec (+0x63)
- [ 80 fa:00 9a ]
- fffff8065b40b4d4-fffff8065b40b4d5 2 bytes - nt!MiUnlockWsle+120 (+0x34)
- [ fb f6:f2 e4 ]
- fffff8065b40b5d5-fffff8065b40b5d6 2 bytes - nt!MiUnlockPageTableCharges+1d (+0x101)
- [ 80 fa:00 9a ]
- fffff8065b40b72c-fffff8065b40b72d 2 bytes - nt!MiUnlockPageTableCharges+174 (+0x157)
- [ 80 fa:00 9a ]
- fffff8065b40b875 - nt!MiIsLowestPageTablePage+31 (+0x149)
- [ f6:e4 ]
- fffff8065b40b887 - nt!MiIsLowestPageTablePage+43 (+0x12)
- [ f6:e4 ]
- fffff8065b40b945 - nt!MiConvertAndFlushWsleVas+51 (+0xbe)
- [ f6:e4 ]
- fffff8065b40b976-fffff8065b40b977 2 bytes - nt!MiConvertAndFlushWsleVas+82 (+0x31)
- [ fb f6:f2 e4 ]
- fffff8065b40b999 - nt!MiConvertAndFlushWsleVas+a5 (+0x23)
- [ f6:e4 ]
- fffff8065b40ba10-fffff8065b40ba11 2 bytes - nt!MiConvertAndFlushWsleVas+11c (+0x77)
- [ 80 fa:00 9a ]
- fffff8065b40bba8 - nt!MiGetWsleContents+18 (+0x198)
- [ f6:e4 ]
- fffff8065b40bbb4-fffff8065b40bbb8 5 bytes - nt!MiGetWsleContents+24 (+0x0c)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b40bbda-fffff8065b40bbde 5 bytes - nt!MiGetWsleContents+4a (+0x26)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b40bdb4 - nt!NtLockVirtualMemory+184 (+0x1da)
- [ f6:e4 ]
- fffff8065b40be71-fffff8065b40be72 2 bytes - nt!NtLockVirtualMemory+241 (+0xbd)
- [ fb f6:f2 e4 ]
- fffff8065b40bf16-fffff8065b40bf17 2 bytes - nt!NtLockVirtualMemory+2e6 (+0xa5)
- [ 80 fa:00 9a ]
- fffff8065b40bf9d-fffff8065b40bf9e 2 bytes - nt!NtLockVirtualMemory+36d (+0x87)
- [ 80 fa:00 9a ]
- fffff8065b40c0cd-fffff8065b40c0ce 2 bytes - nt!NtLockVirtualMemory+49d (+0x130)
- [ fb f6:f2 e4 ]
- fffff8065b40c154 - nt!NtLockVirtualMemory+524 (+0x87)
- [ f6:e4 ]
- fffff8065b40c4db - nt!NtLockVirtualMemory+8ab (+0x387)
- [ f6:e4 ]
- fffff8065b40c565-fffff8065b40c566 2 bytes - nt!NtLockVirtualMemory+935 (+0x8a)
- [ fb f6:f2 e4 ]
- fffff8065b40e1c7 - nt!MiInitializeWalkBounds+c7 (+0x1c62)
- [ f6:e4 ]
- fffff8065b40e1d8 - nt!MiInitializeWalkBounds+d8 (+0x11)
- [ f7:e5 ]
- fffff8065b40e2e9 - nt!MiWalkPageTables+39 (+0x111)
- [ f6:e4 ]
- fffff8065b40e308-fffff8065b40e30d 6 bytes - nt!MiWalkPageTables+58 (+0x1f)
- [ 68 df be 7d fb f6:48 9e 3c 79 f2 e4 ]
- fffff8065b40e33e - nt!MiWalkPageTables+8e (+0x36)
- [ f6:e4 ]
- fffff8065b40e556-fffff8065b40e55b 6 bytes - nt!MiWalkPageTables+2a6 (+0x218)
- [ 68 df be 7d fb f6:48 9e 3c 79 f2 e4 ]
- fffff8065b40e584-fffff8065b40e588 5 bytes - nt!MiWalkPageTables+2d4 (+0x2e)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b40e58e-fffff8065b40e592 5 bytes - nt!MiWalkPageTables+2de (+0x0a)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b40e65e - nt!MiWalkPageTables+3ae (+0xd0)
- [ f6:e4 ]
- fffff8065b40e79d-fffff8065b40e79e 2 bytes - nt!MiLockPageTablePage+5d (+0x13f)
- [ 80 fa:00 9a ]
- fffff8065b40e8f6-fffff8065b40e8f7 2 bytes - nt!MiLockPageTablePage+1b6 (+0x159)
- [ 80 fa:00 9a ]
- fffff8065b40eab2-fffff8065b40eab3 2 bytes - nt!MiLockPageTablePage+372 (+0x1bc)
- [ 80 fa:00 9a ]
- fffff8065b40eb1c-fffff8065b40eb1d 2 bytes - nt!MiLockPageTablePage+3dc (+0x6a)
- [ 80 fa:00 9a ]
- fffff8065b40ec48 - nt!MiProbeAndLockPrepare+98 (+0x12c)
- [ f6:e4 ]
- fffff8065b40f1b3-fffff8065b40f1b7 5 bytes - nt!MiProbeAndLockPages+93 (+0x56b)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b40f1bd-fffff8065b40f1c1 5 bytes - nt!MiProbeAndLockPages+9d (+0x0a)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b40f33f-fffff8065b40f340 2 bytes - nt!MiProbeAndLockPages+21f (+0x182)
- [ 80 fa:00 9a ]
- fffff8065b40f38a-fffff8065b40f38e 5 bytes - nt!MiProbeAndLockPages+26a (+0x4b)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b40f411-fffff8065b40f415 5 bytes - nt!MiProbeAndLockPages+2f1 (+0x87)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b40f423-fffff8065b40f427 5 bytes - nt!MiProbeAndLockPages+303 (+0x12)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b40f500-fffff8065b40f501 2 bytes - nt!MiProbeAndLockPages+3e0 (+0xdd)
- [ 80 fa:00 9a ]
- fffff8065b40f52c-fffff8065b40f52d 2 bytes - nt!MiProbeAndLockPages+40c (+0x2c)
- [ 80 fa:00 9a ]
- fffff8065b40f55f - nt!MiProbeAndLockPages+43f (+0x33)
- [ f6:e4 ]
- WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
- fffff8065b7df9aa-fffff8065b7df9ab 2 bytes - nt!ExpWnfGetNameStoreRegistryRoot+142
- [ 48 ff:4c 8b ]
- fffff8065b7df9b1-fffff8065b7df9b5 5 bytes - nt!ExpWnfGetNameStoreRegistryRoot+149 (+0x07)
- [ 0f 1f 44 00 00:e8 ba 93 d7 ff ]
- fffff8065b7fde82-fffff8065b7fde83 2 bytes - nt!PfpPfnPrioRequest+d2 (+0x1e4d1)
- [ 80 fa:00 9a ]
- fffff8065b8124ee-fffff8065b8124ef 2 bytes - nt!IopRetrieveTransactionParameters+3e (+0x1466c)
- [ 48 ff:4c 8b ]
- fffff8065b8124f5-fffff8065b8124f9 5 bytes - nt!IopRetrieveTransactionParameters+45 (+0x07)
- [ 0f 1f 44 00 00:e8 16 8b 2a fc ]
- fffff8065b8450e8-fffff8065b8450e9 2 bytes - nt!MiAllocateDriverPage+10c (+0x32bf3)
- [ 80 fa:00 9a ]
- fffff8065b86431e-fffff8065b864322 5 bytes - nt!MmHardFaultBytesRequired+5e (+0x1f236)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b864328-fffff8065b86432c 5 bytes - nt!MmHardFaultBytesRequired+68 (+0x0a)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b864554-fffff8065b864555 2 bytes - nt!MiRelocateImagePfn+94 (+0x22c)
- [ 80 fa:00 9a ]
- fffff8065b864564 - nt!MiRelocateImagePfn+a4 (+0x10)
- [ f6:e4 ]
- fffff8065b86457f - nt!MiRelocateImagePfn+bf (+0x1b)
- [ f6:e4 ]
- fffff8065b8645b7 - nt!MiRelocateImagePfn+f7 (+0x38)
- [ f6:e4 ]
- fffff8065b865390-fffff8065b865394 5 bytes - nt!MiPfPrepareReadList+1f0 (+0xdd9)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b86539a-fffff8065b86539e 5 bytes - nt!MiPfPrepareReadList+1fa (+0x0a)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b865560-fffff8065b865561 2 bytes - nt!MiPfPrepareReadList+3c0 (+0x1c6)
- [ 80 fa:00 9a ]
- fffff8065b86565c-fffff8065b865660 5 bytes - nt!MiPfPrepareReadList+4bc (+0xfc)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b865666-fffff8065b86566a 5 bytes - nt!MiPfPrepareReadList+4c6 (+0x0a)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b8663d5-fffff8065b8663d9 5 bytes - nt!MiPfPrepareSequentialReadList+235 (+0xd6f)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b8663eb-fffff8065b8663ef 5 bytes - nt!MiPfPrepareSequentialReadList+24b (+0x16)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b86668a-fffff8065b86668e 5 bytes - nt!MiPfPrepareSequentialReadList+4ea (+0x29f)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b866763-fffff8065b866764 2 bytes - nt!MiPfPrepareSequentialReadList+5c3 (+0xd9)
- [ 80 fa:00 9a ]
- fffff8065b86ae5c-fffff8065b86ae60 5 bytes - nt!MiIsRangeFullyCommitted+ac (+0x46f9)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b86ae66-fffff8065b86ae6a 5 bytes - nt!MiIsRangeFullyCommitted+b6 (+0x0a)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b87d1cc-fffff8065b87d1cd 2 bytes - nt!PiDqQuerySerializeActionQueue+c0 (+0x12366)
- [ 48 ff:4c 8b ]
- fffff8065b87d1d3-fffff8065b87d1d7 5 bytes - nt!PiDqQuerySerializeActionQueue+c7 (+0x07)
- [ 0f 1f 44 00 00:e8 d8 00 4f fc ]
- fffff8065b87d205-fffff8065b87d206 2 bytes - nt!PiDqQuerySerializeActionQueue+f9 (+0x32)
- [ 48 ff:4c 8b ]
- fffff8065b87d20c - nt!PiDqQuerySerializeActionQueue+100 (+0x07)
- [ 0f:e8 ]
- fffff8065b87d20e-fffff8065b87d210 3 bytes - nt!PiDqQuerySerializeActionQueue+102 (+0x02)
- [ 44 00 00:02 4f fc ]
- fffff8065b87d2b2-fffff8065b87d2b3 2 bytes - nt!PiDqQuerySerializeActionQueue+1a6 (+0xa4)
- [ 48 ff:4c 8b ]
- fffff8065b87d2b9-fffff8065b87d2bd 5 bytes - nt!PiDqQuerySerializeActionQueue+1ad (+0x07)
- [ 0f 1f 44 00 00:e8 72 04 4f fc ]
- fffff8065b87d3fe-fffff8065b87d3ff 2 bytes - nt!PiDqQuerySerializeActionQueue+2f2 (+0x145)
- [ 48 ff:4c 8b ]
- fffff8065b87d405-fffff8065b87d409 5 bytes - nt!PiDqQuerySerializeActionQueue+2f9 (+0x07)
- [ 0f 1f 44 00 00:e8 06 0b 4f fc ]
- fffff8065b87d7dd-fffff8065b87d7de 2 bytes - nt!PiDqIrpQueryCreate+115 (+0x3d8)
- [ 48 ff:4c 8b ]
- fffff8065b87d7e4-fffff8065b87d7e8 5 bytes - nt!PiDqIrpQueryCreate+11c (+0x07)
- [ 0f 1f 44 00 00:e8 87 fd 4e fc ]
- fffff8065b87d819-fffff8065b87d81a 2 bytes - nt!PiDqIrpQueryCreate+151 (+0x35)
- [ 48 ff:4c 8b ]
- fffff8065b87d820-fffff8065b87d824 5 bytes - nt!PiDqIrpQueryCreate+158 (+0x07)
- [ 0f 1f 44 00 00:e8 2b 02 4f fc ]
- fffff8065b88c8c0-fffff8065b88c8c1 2 bytes - nt!PspGetProcessParameterOverrides+34 (+0xf0a0)
- [ 48 ff:4c 8b ]
- fffff8065b88c8c7-fffff8065b88c8cb 5 bytes - nt!PspGetProcessParameterOverrides+3b (+0x07)
- [ 0f 1f 44 00 00:e8 34 86 cf ff ]
- fffff8065b8aca1f-fffff8065b8aca20 2 bytes - nt!CmCheckNoTxContext+f (+0x20158)
- [ 48 ff:4c 8b ]
- fffff8065b8aca26-fffff8065b8aca2a 5 bytes - nt!CmCheckNoTxContext+16 (+0x07)
- [ 0f 1f 44 00 00:e8 e5 e5 20 fc ]
- fffff8065b8c5de6-fffff8065b8c5de7 2 bytes - nt!SPCall2ServerInternal+183e (+0x193c0)
- [ 48 ff:4c 8b ]
- fffff8065b8c5ded-fffff8065b8c5df1 5 bytes - nt!SPCall2ServerInternal+1845 (+0x07)
- [ 0f 1f 44 00 00:e8 7e 2f c9 ff ]
- fffff8065b8d0f17-fffff8065b8d0f18 2 bytes - nt!MiCreateNewSection+703 (+0xb12a)
- [ 80 fa:00 9a ]
- fffff8065b8d3b96-fffff8065b8d3b97 2 bytes - nt!MiDeleteImageCreationMdls+92 (+0x2c7f)
- [ 80 fa:00 9a ]
- fffff8065b8d4842-fffff8065b8d4846 5 bytes - nt!MiChargeSegmentCommit+b2 (+0xcac)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b8d484c-fffff8065b8d4850 5 bytes - nt!MiChargeSegmentCommit+bc (+0x0a)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b8d56b6 - nt!MiPrefetchDriverPages+46 (+0xe6a)
- [ f6:e4 ]
- fffff8065b8d56bc-fffff8065b8d56c0 5 bytes - nt!MiPrefetchDriverPages+4c (+0x06)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065b8d56c6-fffff8065b8d56ca 5 bytes - nt!MiPrefetchDriverPages+56 (+0x0a)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065b8d6cc3-fffff8065b8d6cc4 2 bytes - nt!MmChangeImageProtection+153 (+0x15fd)
- [ 80 fa:00 9a ]
- WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
- fffff8065bba0315-fffff8065bba0316 2 bytes - nt!PopSaveHiberContext+115
- [ 48 ff:4c 8b ]
- fffff8065bba031c-fffff8065bba0320 5 bytes - nt!PopSaveHiberContext+11c (+0x07)
- [ 0f 1f 44 00 00:e8 bf 18 fb fb ]
- fffff8065bba16e0-fffff8065bba16e4 5 bytes - nt!MiUpdateUserMappings+18 (+0x13c4)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065bba170f-fffff8065bba1713 5 bytes - nt!MiUpdateUserMappings+47 (+0x2f)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065bba186e-fffff8065bba1872 5 bytes - nt!MiConvertHiberPhasePte+1e (+0x15f)
- [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
- fffff8065bba187d-fffff8065bba1881 5 bytes - nt!MiConvertHiberPhasePte+2d (+0x0f)
- [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
- fffff8065bba2155-fffff8065bba2156 2 bytes - nt!HalpMcaResumeProcessorConfig+85 (+0x8d8)
- [ 48 ff:4c 8b ]
- fffff8065bba215c-fffff8065bba2160 5 bytes - nt!HalpMcaResumeProcessorConfig+8c (+0x07)
- [ 0f 1f 44 00 00:e8 5f f4 fa fb ]
- fffff8065bba645b-fffff8065bba645c 2 bytes - nt!HalpMcaSetProcessorConfig+93 (+0x42ff)
- [ 48 ff:4c 8b ]
- fffff8065bba6462-fffff8065bba6466 5 bytes - nt!HalpMcaSetProcessorConfig+9a (+0x07)
- [ 0f 1f 44 00 00:e8 99 be fa fb ]
- fffff8065bbab1b6 - nt!MmInitializeProcessor+4a (+0x4d54)
- [ f6:e4 ]
- fffff8065bbac9e6-fffff8065bbac9e7 2 bytes - nt!HalpInitializeMce+ba (+0x1830)
- [ 48 ff:4c 8b ]
- fffff8065bbac9ed-fffff8065bbac9f1 5 bytes - nt!HalpInitializeMce+c1 (+0x07)
- [ 0f 1f 44 00 00:e8 0e 59 fa fb ]
- fffff8065bbac9ff-fffff8065bbaca00 2 bytes - nt!HalpInitializeMce+d3 (+0x12)
- [ 48 ff:4c 8b ]
- fffff8065bbaca06-fffff8065bbaca0a 5 bytes - nt!HalpInitializeMce+da (+0x07)
- [ 0f 1f 44 00 00:e8 a5 5c fa fb ]
- fffff8065bbb1993-fffff8065bbb1994 2 bytes - nt!HalpAcpiPostSleep+f7d7 (+0x4f8d)
- [ 48 ff:4c 8b ]
- fffff8065bbb199a-fffff8065bbb199e 5 bytes - nt!HalpAcpiPostSleep+f7de (+0x07)
- [ 0f 1f 44 00 00:e8 81 f6 ee fb ]
- fffff8065bbb1f08-fffff8065bbb1f09 2 bytes - nt!HaliLocateHiberRanges+f328 (+0x56e)
- [ 48 ff:4c 8b ]
- fffff8065bbb1f0f-fffff8065bbb1f13 5 bytes - nt!HaliLocateHiberRanges+f32f (+0x07)
- [ 0f 1f 44 00 00:e8 5c fc f9 fb ]
- fffff8065bbb3cc7-fffff8065bbb3cc8 2 bytes - nt!HalpInitializeMce+739b (+0x1db8)
- [ 48 ff:4c 8b ]
- fffff8065bbb3cce-fffff8065bbb3cd2 5 bytes - nt!HalpInitializeMce+73a2 (+0x07)
- [ 0f 1f 44 00 00:e8 fd e9 f9 fb ]
- fffff8065bbb3d41-fffff8065bbb3d42 2 bytes - nt!HalpInitializeMce+7415 (+0x73)
- [ 48 ff:4c 8b ]
- fffff8065bbb3d48-fffff8065bbb3d4c 5 bytes - nt!HalpInitializeMce+741c (+0x07)
- [ 0f 1f 44 00 00:e8 c3 e9 f9 fb ]
- fffff8065bbbc39c-fffff8065bbbc39d 2 bytes - nt!KdMarkHiberPhase+34 (+0x8654)
- [ 48 ff:4c 8b ]
- fffff8065bbbc3a3-fffff8065bbbc3a7 5 bytes - nt!KdMarkHiberPhase+3b (+0x07)
- [ 0f 1f 44 00 00:e8 f8 4c ee fb ]
- fffff8065bbbda31-fffff8065bbbda32 2 bytes - nt!MiMarkNonPagedHiberPhasePte+a1 (+0x168e)
- [ 80 fa:00 9a ]
- fffff8065bbbdb01-fffff8065bbbdb02 2 bytes - nt!MmMarkHiberPhase+75 (+0xd0)
- [ 80 fa:00 9a ]
- fffff8065bbbdb0e-fffff8065bbbdb0f 2 bytes - nt!MmMarkHiberPhase+82 (+0x0d)
- [ 80 fa:00 9a ]
- fffff8065bbbe050 - nt!MiDeleteEnclavePages+80 (+0x542)
- [ f6:e4 ]
- fffff8065bbbe1f6-fffff8065bbbe1f7 2 bytes - nt!MiReturnReservedEnclavePages+26 (+0x1a6)
- [ 80 fa:00 9a ]
- fffff8065bbbe507-fffff8065bbbe508 2 bytes - nt!PopGracefulShutdown+137 (+0x311)
- [ 48 ff:4c 8b ]
- fffff8065bbbe50e-fffff8065bbbe512 5 bytes - nt!PopGracefulShutdown+13e (+0x07)
- [ 0f 1f 44 00 00:e8 9d 34 ef fb ]
- fffff8065bbc3a8d-fffff8065bbc3a8e 2 bytes - nt!KdInitSystem+92d
- [ 48 ff:4c 8b ]
- fffff8065bbc3a94-fffff8065bbc3a98 5 bytes - nt!KdInitSystem+934 (+0x07)
- [ 0f 1f 44 00 00:e8 87 d5 ed fb ]
- fffff8065bbc4a1d-fffff8065bbc4a1e 2 bytes - nt!KdpCloseRemoteFile+ad (+0xf89)
- [ 48 ff:4c 8b ]
- fffff8065bbc4a24-fffff8065bbc4a28 5 bytes - nt!KdpCloseRemoteFile+b4 (+0x07)
- [ 0f 1f 44 00 00:e8 47 c6 ed fb ]
- fffff8065bbc4a70-fffff8065bbc4a71 2 bytes - nt!KdpCloseRemoteFile+100 (+0x4c)
- [ 48 ff:4c 8b ]
- fffff8065bbc4a77-fffff8065bbc4a7b 5 bytes - nt!KdpCloseRemoteFile+107 (+0x07)
- [ 0f 1f 44 00 00:e8 e4 c5 ed fb ]
- fffff8065bbc4d25-fffff8065bbc4d26 2 bytes - nt!KdpCreateRemoteFile+155 (+0x2ae)
- [ 48 ff:4c 8b ]
- fffff8065bbc4d2c-fffff8065bbc4d30 5 bytes - nt!KdpCreateRemoteFile+15c (+0x07)
- [ 0f 1f 44 00 00:e8 2f c3 ed fb ]
- fffff8065bbc4d67-fffff8065bbc4d68 2 bytes - nt!KdpCreateRemoteFile+197 (+0x3b)
- [ 48 ff:4c 8b ]
- fffff8065bbc4d6e-fffff8065bbc4d72 5 bytes - nt!KdpCreateRemoteFile+19e (+0x07)
- [ 0f 1f 44 00 00:e8 fd c2 ed fb ]
- fffff8065bbc4ee3-fffff8065bbc4ee4 2 bytes - nt!KdpReadRemoteFile+e7 (+0x175)
- [ 48 ff:4c 8b ]
- fffff8065bbc4eea-fffff8065bbc4eee 5 bytes - nt!KdpReadRemoteFile+ee (+0x07)
- [ 0f 1f 44 00 00:e8 71 c1 ed fb ]
- fffff8065bbc4f21-fffff8065bbc4f22 2 bytes - nt!KdpReadRemoteFile+125 (+0x37)
- [ 48 ff:4c 8b ]
- fffff8065bbc4f28-fffff8065bbc4f2c 5 bytes - nt!KdpReadRemoteFile+12c (+0x07)
- [ 0f 1f 44 00 00:e8 43 c1 ed fb ]
- fffff8065bbc53d7-fffff8065bbc53d8 2 bytes - nt!KdSendTraceData+107 (+0x4af)
- [ 48 ff:4c 8b ]
- fffff8065bbc53de-fffff8065bbc53e2 5 bytes - nt!KdSendTraceData+10e (+0x07)
- [ 0f 1f 44 00 00:e8 7d bc ed fb ]
- fffff8065bbc5532-fffff8065bbc5533 2 bytes - nt!KdpFillMemory+102 (+0x154)
- [ 48 ff:4c 8b ]
- fffff8065bbc5539-fffff8065bbc553d 5 bytes - nt!KdpFillMemory+109 (+0x07)
- [ 0f 1f 44 00 00:e8 22 bb ed fb ]
- fffff8065bbc5604-fffff8065bbc5605 2 bytes - nt!KdpGetBusData+a4 (+0xcb)
- [ 48 ff:4c 8b ]
- fffff8065bbc560b-fffff8065bbc560f 5 bytes - nt!KdpGetBusData+ab (+0x07)
- [ 0f 1f 44 00 00:e8 50 ba ed fb ]
- fffff8065bbc5796-fffff8065bbc5797 2 bytes - nt!KdpQueryMemory+7a (+0x18b)
- [ 48 ff:4c 8b ]
- fffff8065bbc579d-fffff8065bbc57a1 5 bytes - nt!KdpQueryMemory+81 (+0x07)
- [ 0f 1f 44 00 00:e8 be b8 ed fb ]
- fffff8065bbc584d-fffff8065bbc584e 2 bytes - nt!KdpReadControlSpace+99 (+0xb0)
- [ 48 ff:4c 8b ]
- fffff8065bbc5854-fffff8065bbc5858 5 bytes - nt!KdpReadControlSpace+a0 (+0x07)
- [ 0f 1f 44 00 00:e8 07 b8 ed fb ]
- fffff8065bbc5997-fffff8065bbc5998 2 bytes - nt!KdpReadPhysicalMemory+127 (+0x143)
- [ 48 ff:4c 8b ]
- fffff8065bbc599e-fffff8065bbc59a2 5 bytes - nt!KdpReadPhysicalMemory+12e (+0x07)
- [ 0f 1f 44 00 00:e8 bd b6 ed fb ]
- fffff8065bbc5b24-fffff8065bbc5b25 2 bytes - nt!KdpReadVirtualMemory+a0 (+0x186)
- [ 48 ff:4c 8b ]
- fffff8065bbc5b2b-fffff8065bbc5b2f 5 bytes - nt!KdpReadVirtualMemory+a7 (+0x07)
- [ 0f 1f 44 00 00:e8 30 b5 ed fb ]
- fffff8065bbc5fe1-fffff8065bbc5fe2 2 bytes - nt!KdpRestoreBreakPointEx+d9 (+0x4b6)
- [ 48 ff:4c 8b ]
- fffff8065bbc5fe8-fffff8065bbc5fec 5 bytes - nt!KdpRestoreBreakPointEx+e0 (+0x07)
- [ 0f 1f 44 00 00:e8 73 b0 ed fb ]
- fffff8065bbc61f5-fffff8065bbc61f6 2 bytes - nt!KdpSearchMemory+1dd (+0x20d)
- [ 48 ff:4c 8b ]
- fffff8065bbc61fc-fffff8065bbc6200 5 bytes - nt!KdpSearchMemory+1e4 (+0x07)
- [ 0f 1f 44 00 00:e8 5f ae ed fb ]
- fffff8065bbc6597-fffff8065bbc6598 2 bytes - nt!KdpSendWaitContinue+a3 (+0x39b)
- [ 48 ff:4c 8b ]
- fffff8065bbc659e-fffff8065bbc65a2 5 bytes - nt!KdpSendWaitContinue+aa (+0x07)
- [ 0f 1f 44 00 00:e8 bd aa ed fb ]
- fffff8065bbc65e1-fffff8065bbc65e2 2 bytes - nt!KdpSendWaitContinue+ed (+0x43)
- [ 48 ff:4c 8b ]
- fffff8065bbc65e8-fffff8065bbc65ec 5 bytes - nt!KdpSendWaitContinue+f4 (+0x07)
- [ 0f 1f 44 00 00:e8 83 aa ed fb ]
- fffff8065bbc6b67-fffff8065bbc6b68 2 bytes - nt!KdpSendWaitContinue+673 (+0x57f)
- [ 48 ff:4c 8b ]
- fffff8065bbc6b6e-fffff8065bbc6b72 5 bytes - nt!KdpSendWaitContinue+67a (+0x07)
- [ 0f 1f 44 00 00:e8 ed a4 ed fb ]
- fffff8065bbc6b86-fffff8065bbc6b87 2 bytes - nt!KdpSendWaitContinue+692 (+0x18)
- [ 48 ff:4c 8b ]
- fffff8065bbc6b8d-fffff8065bbc6b91 5 bytes - nt!KdpSendWaitContinue+699 (+0x07)
- [ 0f 1f 44 00 00:e8 ce a4 ed fb ]
- fffff8065bbc6d61-fffff8065bbc6d62 2 bytes - nt!KdpSetBusData+71 (+0x1d4)
- [ 48 ff:4c 8b ]
- fffff8065bbc6d68-fffff8065bbc6d6c 5 bytes - nt!KdpSetBusData+78 (+0x07)
- [ 0f 1f 44 00 00:e8 f3 a2 ed fb ]
- fffff8065bbc6e29-fffff8065bbc6e2a 2 bytes - nt!KdpSetContext+ad (+0xc1)
- [ 48 ff:4c 8b ]
- fffff8065bbc6e30-fffff8065bbc6e34 5 bytes - nt!KdpSetContext+b4 (+0x07)
- [ 0f 1f 44 00 00:e8 2b a2 ed fb ]
- fffff8065bbc71de-fffff8065bbc71df 2 bytes - nt!KdpWriteBreakPointEx+14e (+0x3ae)
- [ 48 ff:4c 8b ]
- fffff8065bbc71e5-fffff8065bbc71e9 5 bytes - nt!KdpWriteBreakPointEx+155 (+0x07)
- [ 0f 1f 44 00 00:e8 76 9e ed fb ]
- fffff8065bbc7213-fffff8065bbc7214 2 bytes - nt!KdpWriteBreakPointEx+183 (+0x2e)
- [ 48 ff:4c 8b ]
- fffff8065bbc721a-fffff8065bbc721e 5 bytes - nt!KdpWriteBreakPointEx+18a (+0x07)
- [ 0f 1f 44 00 00:e8 41 9e ed fb ]
- fffff8065bbc72c0-fffff8065bbc72c1 2 bytes - nt!KdpWriteControlSpace+6c (+0xa6)
- [ 48 ff:4c 8b ]
- fffff8065bbc72c7-fffff8065bbc72cb 5 bytes - nt!KdpWriteControlSpace+73 (+0x07)
- [ 0f 1f 44 00 00:e8 94 9d ed fb ]
- WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
- 8609 errors : !nt (fffff8065b335620-fffff8065bbc89ab)
- MODULE_NAME: memory_corruption
- IMAGE_NAME: memory_corruption
- FOLLOWUP_NAME: memory_corruption
- DEBUG_FLR_IMAGE_TIMESTAMP: 0
- MEMORY_CORRUPTOR: LARGE
- FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
- BUCKET_ID: MEMORY_CORRUPTION_LARGE
- PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
- TARGET_TIME: 2020-07-16T17:43:03.000Z
- SUITE_MASK: 272
- PRODUCT_TYPE: 1
- USER_LCID: 0
- FAILURE_ID_HASH_STRING: km:memory_corruption_large
- FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
- Followup: memory_corruption
- ====================== Dump #2: 3RD PARTY DRIVERS ======================
- Jun 03 1984 - user32.dll -
- Apr 21 2002 - KERNELBASE.dll -
- Oct 27 2008 - UMPDC.dll -
- May 05 2015 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- May 29 2015 - RtsPer.sys - Realtek RTS PCIE Reader driver https://www.realtek.com/en/
- Jun 29 2015 - btfilter.sys - Qualcomm Atheros BT Filter driver https://www.qualcomm.com/
- Jul 07 2015 - AtihdWT6.sys - AMD High Definition Audio Function driver http://support.amd.com/
- Jul 21 2015 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
- Jul 29 2015 - SynRMIHID.sys - Synaptics I2C Driver (Synaptics Incorporated) https://www.symantec.com/
- Jan 28 2016 - athw8x.sys - Atheros Wireless LAN driver (Qualcomm)
- Aug 16 2019 - atikmdag.sys - ATI Radeon Kernel Mode driver
- Aug 16 2019 - atikmpag.sys - ATI video card driver
- Nov 20 2019 - mbamswissarmy.sys - MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
- Apr 11 2023 - Vid.sys - Hyper-V VM driver
- Mar 30 2031 - KERNEL32.DLL -
- ***** Invalid (B45EF06B) - amdppm.sys - AMD Processor Device driver http://support.amd.com/
- ***** Invalid (A638501D) - IntelTA.sys - Intel Telemetry driver
- ***** Invalid (A83E7C96) - msquic.sys - Microsoft Cross-platform implementation of the IETF QUIC protocol driver https://github.com/microsoft/msquic
- ***** Invalid (DCEEC70E) - ndiscap.sys - NDIS Packet Capture Filter driver
- ***** Invalid (B29BDEB9) - clbcatq.dll -
- ***** Invalid (CAD89AB4) - ntdll.dll -
- ***** Invalid (A604C318) - taskschd.dll -
- ================== Dump #2: 3RD PARTY DRIVERS (FULL) ===================
- Image path: C:\Windows\System32\user32.dll
- Image name: user32.dll
- Search : https://www.google.com/search?q=user32.dll
- Timestamp : Sun Jun 3 1984
- Mapped memory image file: C:\ProgramData\dbg\sym\KERNELBASE.dll\3CC247072c7000\KERNELBASE.dll
- Image path: C:\Windows\System32\KERNELBASE.dll
- Image name: KERNELBASE.dll
- Search : https://www.google.com/search?q=KERNELBASE.dll
- Timestamp : Sun Apr 21 2002
- Image path: c:\windows\system32\UMPDC.dll
- Image name: UMPDC.dll
- Search : https://www.google.com/search?q=UMPDC.dll
- Timestamp : Mon Oct 27 2008
- Image path: \SystemRoot\System32\drivers\rt640x64.sys
- Image name: rt640x64.sys
- Search : https://www.google.com/search?q=rt640x64.sys
- ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
- Timestamp : Tue May 5 2015
- Image path: \SystemRoot\system32\DRIVERS\RtsPer.sys
- Image name: RtsPer.sys
- Search : https://www.google.com/search?q=RtsPer.sys
- ADA Info : Realtek RTS PCIE Reader driver https://www.realtek.com/en/
- Timestamp : Fri May 29 2015
- Image path: \SystemRoot\system32\DRIVERS\btfilter.sys
- Image name: btfilter.sys
- Search : https://www.google.com/search?q=btfilter.sys
- ADA Info : Qualcomm Atheros BT Filter driver https://www.qualcomm.com/
- Timestamp : Mon Jun 29 2015
- Image path: \SystemRoot\system32\drivers\AtihdWT6.sys
- Image name: AtihdWT6.sys
- Search : https://www.google.com/search?q=AtihdWT6.sys
- ADA Info : AMD High Definition Audio Function driver http://support.amd.com/
- Timestamp : Tue Jul 7 2015
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Search : https://www.google.com/search?q=RTKVHD64.sys
- ADA Info : Realtek Audio System driver https://www.realtek.com/en/
- Timestamp : Tue Jul 21 2015
- Image path: \SystemRoot\system32\DRIVERS\SynRMIHID.sys
- Image name: SynRMIHID.sys
- Search : https://www.google.com/search?q=SynRMIHID.sys
- ADA Info : Synaptics I2C Driver (Synaptics Incorporated) https://www.symantec.com/
- Timestamp : Wed Jul 29 2015
- Image path: \SystemRoot\System32\drivers\athw8x.sys
- Image name: athw8x.sys
- Search : https://www.google.com/search?q=athw8x.sys
- ADA Info : Atheros Wireless LAN driver (Qualcomm)
- Timestamp : Thu Jan 28 2016
- Image path: \SystemRoot\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atikmdag.sys
- Image name: atikmdag.sys
- Search : https://www.google.com/search?q=atikmdag.sys
- ADA Info : ATI Radeon Kernel Mode driver
- Timestamp : Fri Aug 16 2019
- Image path: \SystemRoot\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atikmpag.sys
- Image name: atikmpag.sys
- Search : https://www.google.com/search?q=atikmpag.sys
- ADA Info : ATI video card driver
- Timestamp : Fri Aug 16 2019
- File version: 26.20.12028.2
- Product version: 8.14.1.6564
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.4 Driver
- File date: 00000000.00000000
- CompanyName: Advanced Micro Devices, Inc. rig??¦
- ProductName: AMD drivericro Devices, Inc. rig??¦
- InternalName: atikmpag.sysro Devices, Inc. rig??¦
- OriginalFilename: atikmpag.sysro Devices, Inc. rig??¦
- ProductVersion: 8.14.1.6564sro Devices, Inc. rig??¦
- FileVersion: 26.20.12028.2o Devices, Inc. rig??¦
- FileDescription: AMD multi-vendor Miniport Driver??¦
- LegalCopyright: Copyright (C) 2007 Advanced Micro Devices, Inc.
- Image path: \SystemRoot\System32\Drivers\mbamswissarmy.sys
- Image name: mbamswissarmy.sys
- Search : https://www.google.com/search?q=mbamswissarmy.sys
- ADA Info : MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
- Timestamp : Wed Nov 20 2019
- Image path: \SystemRoot\System32\drivers\Vid.sys
- Image name: Vid.sys
- Search : https://www.google.com/search?q=Vid.sys
- ADA Info : Hyper-V VM driver
- Timestamp : Tue Apr 11 2023
- Mapped memory image file: C:\ProgramData\dbg\sym\KERNEL32.DLL\73317569bd000\KERNEL32.DLL
- Image path: C:\Windows\System32\KERNEL32.DLL
- Image name: KERNEL32.DLL
- Search : https://www.google.com/search?q=KERNEL32.DLL
- Timestamp : Sun Mar 30 2031
- Image path: \SystemRoot\System32\drivers\amdppm.sys
- Image name: amdppm.sys
- Search : https://www.google.com/search?q=amdppm.sys
- ADA Info : AMD Processor Device driver http://support.amd.com/
- Timestamp : ***** Invalid (B45EF06B)
- Image path: \SystemRoot\System32\drivers\IntelTA.sys
- Image name: IntelTA.sys
- Search : https://www.google.com/search?q=IntelTA.sys
- ADA Info : Intel Telemetry driver
- Timestamp : ***** Invalid (A638501D)
- Image path: \SystemRoot\system32\drivers\msquic.sys
- Image name: msquic.sys
- Search : https://www.google.com/search?q=msquic.sys
- ADA Info : Microsoft Cross-platform implementation of the IETF QUIC protocol driver https://github.com/microsoft/msquic
- Timestamp : ***** Invalid (A83E7C96)
- Image path: \SystemRoot\System32\drivers\ndiscap.sys
- Image name: ndiscap.sys
- Search : https://www.google.com/search?q=ndiscap.sys
- ADA Info : NDIS Packet Capture Filter driver
- Timestamp : ***** Invalid (DCEEC70E)
- Image path: C:\Windows\System32\clbcatq.dll
- Image name: clbcatq.dll
- Search : https://www.google.com/search?q=clbcatq.dll
- Timestamp : ***** Invalid (B29BDEB9)
- Image path: C:\Windows\SYSTEM32\ntdll.dll
- Image name: ntdll.dll
- Search : https://www.google.com/search?q=ntdll.dll
- Timestamp : ***** Invalid (CAD89AB4)
- Image path: C:\Windows\System32\taskschd.dll
- Image name: taskschd.dll
- Search : https://www.google.com/search?q=taskschd.dll
- Timestamp : ***** Invalid (A604C318)
- ====================== Dump #2: MICROSOFT DRIVERS ======================
- ACPI.sys ACPI Driver for NT (Microsoft)
- acpiex.sys ACPIEx Driver (Microsoft)
- advapi32.dll Advanced Windows 32 Base API
- afd.sys Ancillary Function Driver for WinSock (Microsoft)
- afunix.sys AF_UNIX Socket Provider driver (Microsoft)
- AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
- ahcache.sys Application Compatibility Cache (Microsoft)
- bam.sys BAM Kernal driver (Microsoft)
- BasicDisplay.sys Basic Display driver (Microsoft)
- BasicRender.sys Basic Render driver (Microsoft)
- BATTC.SYS Battery Class driver (Microsoft)
- bcryptPrimitives.dll Windows Cryptographic Primitives Library
- Beep.SYS BEEP driver (Microsoft)
- bindflt.sys Windows Bind Filter driver (Microsoft)
- BOOTVID.dll VGA Boot Driver (Microsoft)
- bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
- BTHport.sys Bluetooth Bus driver (Microsoft)
- BTHUSB.sys Bluetooth Miniport driver (Microsoft)
- CAD.sys Charge Arbiration driver (Microsoft)
- cdd.dll Canonical Display Driver (Microsoft)
- cdrom.sys SCSI CD-ROM Driver (Microsoft)
- CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
- cfgmgr32.dll Configuration Manager DLL
- CI.dll Code Integrity Module (Microsoft)
- CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
- CLASSPNP.SYS SCSI Class System Dll (Microsoft)
- cldflt.sys Cloud Files Mini Filter driver (Microsoft)
- CLFS.SYS Common Log File System Driver (Microsoft)
- clipsp.sys CLIP Service (Microsoft)
- CmBatt.sys Control Method Battery driver (Microsoft)
- cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
- cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
- combase.dll Microsoft COM for Windows
- CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
- crashdmp.sys Crash Dump driver (Microsoft)
- csc.sys Windows Client Side Caching driver (Microsoft)
- DEVOBJ.dll Device Information Set DLL
- dfsc.sys DFS Namespace Client Driver (Microsoft)
- disk.sys PnP Disk Driver (Microsoft)
- drmk.sys Digital Rights Management (DRM) driver (Microsoft)
- dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
- dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
- dxgmms2.sys DirectX Graphics MMS
- EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
- filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
- fileinfo.sys FileInfo Filter Driver (Microsoft)
- FLTMGR.SYS Filesystem Filter Manager (Microsoft)
- Fs_Rec.sys File System Recognizer Driver (Microsoft)
- fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
- fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
- GDI32.dll GDI Client DLL
- gdi32full.dll GDI Client DLL
- gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
- hal.dll Hardware Abstraction Layer DLL (Microsoft)
- HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
- HIDCLASS.SYS Hid Class Library (Microsoft)
- HIDPARSE.SYS Hid Parsing Library (Microsoft)
- hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
- HTTP.sys HTTP Protocol Stack (Microsoft)
- i8042prt.sys i8042 Keyboard / PS/2 Mouse driver (Microsoft)
- intelpep.sys Intel Power Engine Plugin (Microsoft)
- iorate.sys I/O rate control Filter (Microsoft)
- kbdclass.sys Keyboard Class Driver (Microsoft)
- kd.dll Local Kernal Debugger (Microsoft)
- kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
- kernel.appcore.dll AppModel API Host
- ks.sys Kernal CSA Library (Microsoft)
- ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
- ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
- ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
- lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
- luafv.sys LUA File Virtualization Filter Driver (Microsoft)
- mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
- mmcss.sys MMCSS Driver (Microsoft)
- monitor.sys Monitor Driver (Microsoft)
- mouclass.sys Mouse Class Driver (Microsoft)
- mouhid.sys HID Mouse Filter Driver (Microsoft)
- mountmgr.sys Mount Point Manager (Microsoft)
- MpKslDrv.sys Microsoft Anti-malware Protection driver
- mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
- mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
- mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
- Msfs.SYS Mailslot driver (Microsoft)
- msisadrv.sys ISA Driver (Microsoft)
- mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
- msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
- mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
- mssmbios.sys System Management BIOS driver (Microsoft)
- msvcp_win.dll Microsoft® C Runtime Library
- msvcrt.dll Windows NT CRT DLL
- MTConfig.sys Microsoft Multi-Touch HID Driver (Microsoft)
- mup.sys Multiple UNC Provider driver (Microsoft)
- ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
- ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
- ndisuio.sys NDIS User mode I/O driver (Microsoft)
- NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
- ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
- NDProxy.sys NDIS Proxy driver (Microsoft)
- Ndu.sys Network Data Usage Monitoring driver (Microsoft)
- netbios.sys NetBIOS Interface driver (Microsoft)
- netbt.sys MBT Transport driver (Microsoft)
- NETIO.SYS Network I/O Subsystem (Microsoft)
- Npfs.SYS NPFS driver (Microsoft)
- npsvctrig.sys Named pipe service triggers (Microsoft)
- nsiproxy.sys NSI Proxy driver (Microsoft)
- Ntfs.sys NT File System Driver (Microsoft)
- ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
- ntmarta.dll Windows NT MARTA provider
- ntosext.sys NTOS Extension Host driver (Microsoft)
- Null.SYS NULL Driver (Microsoft)
- nwifi.sys NativeWiFi Miniport Driver (Microsoft)
- OLEAUT32.dll OLEAUT32.DLL
- pacer.sys QoS Packet Scheduler (Microsoft)
- partmgr.sys Partition driver (Microsoft)
- pci.sys NT Plug and Play PCI Enumerator (Microsoft)
- pcw.sys Performance Counter Driver (Microsoft)
- pdc.sys Power Dependency Coordinator Driver (Microsoft)
- peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
- portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
- POWRPROF.dll Power Profile Helper DLL
- PSHED.dll Platform Specific Hardware Error driver (Microsoft)
- rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
- raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
- raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
- rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
- rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
- rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
- rdyboost.sys ReadyBoost Driver (Microsoft)
- rmclient.dll Resource Manager Client
- RPCRT4.dll Remote Procedure Call Runtime
- rspndr.sys Link-Layer Topology Responder driver (Microsoft)
- sechost.dll Host for SCM/SDDL/LSA Lookup APIs
- SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
- shcore.dll SHCORE
- SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
- spaceport.sys Storage Spaces driver (Microsoft)
- srv2.sys Smb 2.0 Server driver (Microsoft)
- srvnet.sys Server Network driver (Microsoft)
- sspicli.dll Security Support Provider Interface
- storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
- storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
- storqosflt.sys Storage QoS Filter driver (Microsoft)
- svchost.exe Host Process for Windows Services
- swenum.sys Plug and Play Software Device Enumerator (Microsoft)
- sysmain.dll SysMain Service Host
- tbs.sys Export driver for kernel mode TPM API (Microsoft)
- tcpip.sys TCP/IP Protocol driver (Microsoft)
- tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
- TDI.SYS TDI Wrapper driver (Microsoft)
- tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
- tm.sys Kernel Transaction Manager driver (Microsoft)
- ucrtbase.dll Microsoft® C Runtime Library
- ucx01000.sys USB Controller Extension (Microsoft)
- umbus.sys User-Mode Bus Enumerator (Microsoft)
- usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
- USBD.SYS Universal Serial Bus Driver (Microsoft)
- usbehci.sys EHCI eUSB Miniport Driver (Microsoft)
- usbhub.sys Default Hub Driver for USB (Microsoft)
- UsbHub3.sys USB3 HUB driver (Microsoft)
- usbohci.sys OHCI USB Miniport Driver (Microsoft)
- USBPORT.SYS USB 1.1 & 2.0 Port Driver (Microsoft)
- usbvideo.sys USB Video Class Driver (Microsoft)
- USBXHCI.SYS USB XHCI driver (Microsoft)
- vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
- volmgr.sys Volume Manager Driver (Microsoft)
- volmgrx.sys Volume Manager Extension Driver (Microsoft)
- volsnap.sys Volume Shadow Copy driver (Microsoft)
- volume.sys Volume driver (Microsoft)
- vwifibus.sys Virtual Wireless Bus driver (Microsoft)
- vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
- vwifimp.sys Virtual WiFi Miniport Driver (Microsoft)
- wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
- watchdog.sys Watchdog driver (Microsoft)
- wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
- Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
- WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
- WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
- WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
- werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
- wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
- win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
- win32kbase.sys Base Win32k Kernel Driver (Microsoft)
- win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
- win32u.dll Win32u
- WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
- WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
- winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
- WINSTA.dll Winstation Library
- WLDP.DLL Windows Lockdown Policy
- wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
- WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
- Wof.sys Windows Overlay Filter (Microsoft)
- WppRecorder.sys WPP Trace Recorder (Microsoft)
- wtsapi32.dll Windows Remote Desktop Session Host Server SDK APIs
- XmlLite.dll Microsoft XmlLite Library
- ====================== Dump #2: UNLOADED MODULES =======================
- fffff806`5f940000 fffff806`5f951000 MSKSSRV.sys
- fffff806`5fcd0000 fffff806`5fcdf000 dump_storport.sys
- fffff806`5fd20000 fffff806`5fd53000 dump_storahci.sys
- fffff806`5fd80000 fffff806`5fd9e000 dump_dumpfve.sys
- fffff806`606c0000 fffff806`606cc000 WdmCompanionFilter.sys
- fffff806`5f760000 fffff806`5f77c000 dam.sys
- fffff806`5d800000 fffff806`5d811000 WdBoot.sys
- fffff806`5d7f0000 fffff806`5d7f9000 MbamElam.sys
- fffff806`5e930000 fffff806`5e940000 hwpolicy.sys
- ====================== Dump #2: BIOS INFORMATION =======================
- [SMBIOS Data Tables v2.8]
- [DMI Version - 0]
- [2.0 Calling Convention - No]
- [Table Size - 1471 bytes]
- [BIOS Information (Type 0) - Length 24 - Handle 0000h]
- Vendor Insyde Corp.
- BIOS Version V1.15
- BIOS Starting Address Segment e000
- BIOS Release Date 07/06/2015
- BIOS ROM Size 800000
- BIOS Characteristics
- 07: - PCI Supported
- 11: - Upgradeable FLASH BIOS
- 12: - BIOS Shadowing Supported
- 15: - CD-Boot Supported
- 16: - Selectable Boot Supported
- 19: - EDD Supported
- 20: - NEC 9800 J-Floppy Supported
- 21: - Toshiba J-Floppy Supported
- 22: - 360KB Floppy Supported
- 23: - 1.2MB Floppy Supported
- 24: - 720KB Floppy Supported
- 25: - 2.88MB Floppy Supported
- 27: - Keyboard Services Supported
- 30: - CGA/Mono Services Supported
- BIOS Characteristic Extensions
- 00: - ACPI Supported
- 01: - USB Legacy Supported
- 08: - BIOS Boot Specification Supported
- 10: - Specification Reserved
- 11: - Specification Reserved
- BIOS Major Revision 1
- BIOS Minor Revision 15
- EC Firmware Major Revision 1
- EC Firmware Minor Revision 15
- [System Information (Type 1) - Length 27 - Handle 0001h]
- Manufacturer Acer
- Product Name Aspire E5-551G
- Version V1.15
- UUID 00000000-0000-0000-0000-000000000000
- Wakeup Type Power Switch
- SKUNumber Aspire E5-551G_086A_V1.15
- Family KV
- [BaseBoard Information (Type 2) - Length 16 - Handle 0002h]
- Manufacturer Acer
- Product EA50_KV
- Version V1.15
- Feature Flags 09h
- -2052737312: - -2052737264: - «Eºþ
- Location Base Board Chassis Location
- Chassis Handle 0003h
- Board Type 0ah - Processor/Memory Module
- Number of Child Handles 0
- [System Enclosure (Type 3) - Length 23 - Handle 0003h]
- Manufacturer Acer
- Chassis Type Notebook
- Version Chassis Version
- Bootup State Safe
- Power Supply State Safe
- Thermal State Safe
- Security Status None
- OEM Defined 0
- Height 0U
- Number of Power Cords 1
- Number of Contained Elements 0
- Contained Element Size 0
- [Processor Information (Type 4) - Length 42 - Handle 0004h]
- Socket Designation Socket FP3
- Processor Type Central Processor
- Processor Family 48h - Specification Reserved
- Processor Manufacturer AMD processor
- Processor ID 010f6300fffb8b17
- Processor Version AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G
- Processor Voltage 8ah - 1.0V
- External Clock 100MHz
- Max Speed 1900MHz
- Current Speed 1900MHz
- Status Enabled Populated
- Processor Upgrade None
- L1 Cache Handle 0005h
- L2 Cache Handle 0006h
- L3 Cache Handle [Not Present]
- Part Number FFFF
- [Cache Information (Type 7) - Length 19 - Handle 0005h]
- Socket Designation L1 Cache
- Cache Configuration 0180h - WB Enabled Int NonSocketed L1
- Maximum Cache Size 0100h - 256K
- Installed Size 0100h - 256K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 2-way Set-Associative
- [Cache Information (Type 7) - Length 19 - Handle 0006h]
- Socket Designation L2 Cache
- Cache Configuration 0181h - WB Enabled Int NonSocketed L2
- Maximum Cache Size 8040h - 4096K
- Installed Size 8040h - 4096K
- Supported SRAM Type 0010h - Pipeline-Burst
- Current SRAM Type 0010h - Pipeline-Burst
- Cache Speed 1ns
- Error Correction Type Specification Reserved
- System Cache Type Unified
- Associativity 16-way Set-Associative
- [Onboard Devices Information (Type 10) - Length 6 - Handle 0007h]
- Number of Devices 1
- 01: Type Video [enabled]
- 01: Description Video Graphics Controller
- [Onboard Devices Information (Type 10) - Length 6 - Handle 0008h]
- Number of Devices 1
- 01: Type Ethernet [enabled]
- 01: Description Realtek Lan Controller
- [OEM Strings (Type 11) - Length 5 - Handle 0009h]
- Number of Strings 5
- 1 Acer System
- 2 String2 for Original Equipment Manufacturer
- 3 String3 for Original Equipment Manufacturer
- 4 String4 for Original Equipment Manufacturer
- 5 String5 for Original Equipment Manufacturer
- [System Configuration Options (Type 12) - Length 5 - Handle 000ah]
- [Physical Memory Array (Type 16) - Length 23 - Handle 000bh]
- Location 03h - SystemBoard/Motherboard
- Use 03h - System Memory
- Memory Error Correction 03h - None
- Maximum Capacity 33554432KB
- Number of Memory Devices 2
- [Memory Device (Type 17) - Length 40 - Handle 000ch]
- Physical Memory Array Handle 000bh
- Total Width 0 bits
- Data Width 0 bits
- Form Factor 00h - Specification Reserved
- Device Locator DIMM 0
- Bank Locator CHANNEL A
- Memory Type 02h - Unknown
- Type Detail 0004h - Unknown
- Speed 0MHz
- Manufacturer Empty
- Part Number Empty
- [Memory Device (Type 17) - Length 40 - Handle 000dh]
- Physical Memory Array Handle 000bh
- Total Width 64 bits
- Data Width 64 bits
- Size 8192MB
- Form Factor 0dh - SODIMM
- Device Locator DIMM 0
- Bank Locator CHANNEL B
- Memory Type 18h - Specification Reserved
- Type Detail 4080h - Synchronous
- Speed 1600MHz
- Manufacturer Kingston
- Part Number ACR16D3LS1KNG/8G
- [Memory Array Mapped Address (Type 19) - Length 31 - Handle 000eh]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Array Handle 000bh
- Partition Width 255
- [Memory Device Mapped Address (Type 20) - Length 35 - Handle 000fh]
- Starting Address 00000000h
- Ending Address 007fffffh
- Memory Device Handle 000dh
- Mem Array Mapped Adr Handle 000eh
- ========================== Dump #2: Extra #1 ===========================
- 2: kd> !verifier
- Verify Flags Level 0x00000000
- STANDARD FLAGS:
- [ ] (0x00000000) Automatic Checks
- [ ] (0x00000001) Special pool
- [ ] (0x00000002) Force IRQL checking
- [ ] (0x00000008) Pool tracking
- [ ] (0x00000010) I/O verification
- [ ] (0x00000020) Deadlock detection
- [ ] (0x00000080) DMA checking
- [ ] (0x00000100) Security checks
- [ ] (0x00000800) Miscellaneous checks
- [ ] (0x00020000) DDI compliance checking
- ADDITIONAL FLAGS:
- [ ] (0x00000004) Randomized low resources simulation
- [ ] (0x00000200) Force pending I/O requests
- [ ] (0x00000400) IRP logging
- [ ] (0x00002000) Invariant MDL checking for stack
- [ ] (0x00004000) Invariant MDL checking for driver
- [ ] (0x00008000) Power framework delay fuzzing
- [ ] (0x00010000) Port/miniport interface checking
- [ ] (0x00040000) Systematic low resources simulation
- [ ] (0x00080000) DDI compliance checking (additional)
- [ ] (0x00200000) NDIS/WIFI verification
- [ ] (0x00800000) Kernel synchronization delay fuzzing
- [ ] (0x01000000) VM switch verification
- [ ] (0x02000000) Code integrity checks
- [X] Indicates flag is enabled
- Summary of All Verifier Statistics
- RaiseIrqls 0x0
- AcquireSpinLocks 0x0
- Synch Executions 0x0
- Trims 0x0
- Pool Allocations Attempted 0x0
- Pool Allocations Succeeded 0x0
- Pool Allocations Succeeded SpecialPool 0x0
- Pool Allocations With NO TAG 0x0
- Pool Allocations Failed 0x0
- Current paged pool allocations 0x0 for 00000000 bytes
- Peak paged pool allocations 0x0 for 00000000 bytes
- Current nonpaged pool allocations 0x0 for 00000000 bytes
- Peak nonpaged pool allocations 0x0 for 00000000 bytes
- ========================== Dump #2: Extra #2 ===========================
- 2: kd> !thread
- THREAD ffffbf034bf6e080 Cid 08cc.0910 Teb: 00000044fa26c000 Win32Thread: 0000000000000000 RUNNING on processor 2
- Impersonation token: ffffae0386276970 (Level Impersonation)
- Owning Process ffffbf034bf18080 Image: svchost.exe
- Attached Process N/A Image: N/A
- Wait Start TickCount 5387 Ticks: 0
- Context Switch Count 559 IdealProcessor: 2
- UserTime 00:00:00.812
- KernelTime 00:00:00.687
- Win32 Start Address sechost!ScSvcctrlThreadA (0x00007ff9307fddf0)
- Stack Init fffff60f368fbc90 Current fffff60f368faf00
- Base fffff60f368fc000 Limit fffff60f368f6000 Call 0000000000000000
- Priority 7 BasePriority 7 PriorityDecrement 0 IoPriority 2 PagePriority 5
- Child-SP RetAddr : Args to Child : Call Site
- fffff60f`368fb2a8 fffff806`5b60649b : 00000000`0000001a 00000000`00008887 ffff9a00`05dfcd50 ffff9a00`0bfbb930 : nt!KeBugCheckEx
- fffff60f`368fb2b0 fffff806`5b4e5333 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000004 : nt!MiUnlinkPageFromList+0x1ebb0b
- fffff60f`368fb390 fffff806`5b55e442 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRelinkStandbyPage+0x23
- fffff60f`368fb3c0 fffff806`5b7fe02d : ffffbf03`45449000 00000044`fa4f9e48 00000044`fa4f9e48 00000000`00000000 : nt!MmSetPfnListInfo+0x23a
- fffff60f`368fb4e0 fffff806`5b838476 : 00000000`00000000 0a000001`f426a025 fffff60f`368fb660 ffffbf03`45449000 : nt!PfpPfnPrioRequest+0x27d
- fffff60f`368fb560 fffff806`5b837b0d : fffff60f`00000000 00000000`00000000 00000000`00000000 fffff806`00000001 : nt!PfSetSuperfetchInformation+0x10e
- fffff60f`368fb660 fffff806`5b5ef475 : 00000000`00000000 00000000`00000000 fffff60f`368fbb80 00000000`000007fd : nt!NtSetSystemInformation+0x28d
- fffff60f`368fbb00 00007ff9`3104e2c4 : 00007ff9`254de4be 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffff60f`368fbb00)
- 00000044`fa4f9d18 00007ff9`254de4be : 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 00000208`90e21db0 : ntdll!NtSetSystemInformation+0x14
- 00000044`fa4f9d20 00007ff9`254de438 : 00000000`00000000 00000208`90e21e48 00000208`90e21db0 00000000`00000000 : sysmain!PfsPfnSetRequestIssue+0x1a
- 00000044`fa4f9d50 00007ff9`254de304 : 00000000`00000000 00000044`fa4f9e00 00000208`90e21e40 00000000`00000000 : sysmain!PfsPfnsSetPriorityHelper+0x110
- 00000044`fa4f9da0 00007ff9`254f0d63 : 00000208`90e48ed0 00000208`90e48ed0 00000208`90e46b80 00000000`00000000 : sysmain!PfsPfnsQuerySetPriority+0x1fc
- 00000044`fa4fd040 00007ff9`2552a242 : 00000208`90e46b80 00000000`00000001 00000000`00000003 00000044`fa4fe3e0 : sysmain!PfWsClassicWsMgrBootDeprioProcess+0x49057
- 00000044`fa4fd0c0 00007ff9`2552a7d8 : 00000000`00000003 00000000`e4a9bbbd 00000044`fa4fd220 00000000`00000000 : sysmain!PfWsClassicWsMgrStart+0x3e
- 00000044`fa4fd0f0 00007ff9`254f6a61 : 00000000`00020000 00000000`00000000 00000000`00000000 00000000`00000000 : sysmain!PfWsWsMgrsStart+0x64
- 00000044`fa4fd120 00007ff9`2550b6ce : 00000000`00000000 00000044`fa4ff7e0 ffffffff`ffffffff 00000207`8f214870 : sysmain!PfSvcMainThreadWorker+0xbd1
- 00000044`fa4ff780 00007ff9`254f7fff : 00000044`fa4ff7e0 00000000`00000000 00000000`00000000 00000044`00000004 : sysmain!PfSvcMainThread+0x22
- 00000044`fa4ff7c0 00007ff6`0a154140 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffffff`ffffffff : sysmain!SysMtServiceMain+0x10f
- 00000044`fa4ff800 00007ff9`307fde18 : 00000000`00000000 00000207`8f2172f0 00000207`8f2172f0 00000000`00000000 : svchost!ServiceStarter+0x310
- 00000044`fa4ff930 00007ff9`2f3e6fd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ScSvcctrlThreadA+0x28
- 00000044`fa4ff960 00007ff9`30ffcec1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
- 00000044`fa4ff990 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
Add Comment
Please, Sign In to add comment