API tools faq
paste
Guest User

Untitled

a guest
Jul 17th, 2020
98
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 92.21 KB | None | 0 0
raw download clone embed print report
  1. ========================== AUTO DUMP ANALYZER ==========================
  2. Auto Dump Analyzer
  3. Version: 0.91
  4. Time to analyze file(s): 00 hours and 05 minutes and 22 seconds
  5.  
  6. ================================ SYSTEM ================================
  7. MANUFACTURER: Acer
  8. PRODUCT_NAME: Aspire E5-551G
  9. SKU: [Removed]
  10. VERSION: V1.15
  11.  
  12. ================================= BIOS =================================
  13. VENDOR: Insyde Corp.
  14. VERSION: V1.15
  15. DATE: 07/06/2015
  16.  
  17. ============================= MOTHERBOARD ==============================
  18. MANUFACTURER: Acer
  19. PRODUCT: EA50_KV
  20. VERSION: V1.15
  21.  
  22. ================================= RAM ==================================
  23. Size Speed Manufacturer Part No.
  24. -------------- -------------- ------------------- ----------------------
  25. 0MHz Empty Empty
  26. 8192MB 1600MHz Kingston ACR16D3LS1KNG/8G
  27.  
  28. ================================= CPU ==================================
  29. Processor Version: AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G
  30. COUNT: 4
  31. MHZ: 1896
  32. VENDOR: AuthenticAMD
  33. FAMILY: 15
  34. MODEL: 30
  35. STEPPING: 1
  36.  
  37. ================================== OS ==================================
  38. Product: WinNt, suite: TerminalServer SingleUserTS
  39. Built by: 19041.1.amd64fre.vb_release.191206-1406
  40. BUILD_VERSION: 10.0.19041.388 (WinBuild.160101.0800)
  41. BUILD: 19041
  42. SERVICEPACK: 388
  43. PLATFORM_TYPE: x64
  44. NAME: Windows 10
  45. EDITION: Windows 10 WinNt TerminalServer SingleUserTS
  46. BUILD_TIMESTAMP: unknown_date
  47. BUILDDATESTAMP: 160101.0800
  48. BUILDLAB: WinBuild
  49. BUILDOSVER: 10.0.19041.388
  50. BUILD_VERSION: 19041.1.amd64fre.vb_release.191206-1406
  51. SERVICEPACK: 0
  52. BUILDDATESTAMP: 191206-1406
  53. BUILDLAB: vb_release
  54. BUILDOSVER: 10.0.19041.1.amd64fre.vb_release.191206-1406
  55.  
  56. =============================== DEBUGGER ===============================
  57. Microsoft (R) Windows Debugger Version 10.0.14321.1024 AMD64
  58. Copyright (c) Microsoft Corporation. All rights reserved.
  59.  
  60. =============================== COMMENTS ===============================
  61. * Information gathered from different dump files may be different. If
  62. Windows updates between two dump files, two or more OS versions may
  63. be shown above.
  64. * If the user updates the BIOS between dump files, two or more versions
  65. and dates may be shown above.
  66. * More RAM information can be found below in a full BIOS section.
  67.  
  68. ========================================================================
  69. ======================= Dump #1: ANALYZE VERBOSE =======================
  70. ====================== File: 071620-42718-01.dmp =======================
  71. ========================================================================
  72.  
  73. Mini Kernel Dump File: Only registers and stack trace are available
  74. Windows 10 Kernel Version 19041 MP (4 procs) Free x64
  75. Kernel base = 0xfffff806`5b200000 PsLoadedModuleList = 0xfffff806`5be2a310
  76. Debug session time: Thu Jul 16 13:43:03.464 2020 (UTC - 4:00)
  77. System Uptime: 0 days 0:01:24.179
  78.  
  79. BugCheck 1A, {8887, ffff9a0005dfcd50, ffff9a000bfbb930, 500}
  80. Probably caused by : memory_corruption
  81. Followup: memory_corruption
  82.  
  83. MEMORY_MANAGEMENT (1a)
  84. # Any other values for parameter 1 must be individually examined.
  85.  
  86. Arguments:
  87. Arg1: 0000000000008887, The subtype of the bugcheck.
  88. Arg2: ffff9a0005dfcd50
  89. Arg3: ffff9a000bfbb930
  90. Arg4: 0000000000000500
  91.  
  92. Debugging Details:
  93. DUMP_CLASS: 1
  94. DUMP_QUALIFIER: 400
  95. DUMP_TYPE: 2
  96. BUGCHECK_STR: 0x1a_8887
  97. CUSTOMER_CRASH_COUNT: 1
  98. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  99.  
  100. PROCESS_NAME: svchost.exe
  101.  
  102. CURRENT_IRQL: 2
  103. STACK_TEXT:
  104. fffff60f`368fb2a8 fffff806`5b60649b : 00000000`0000001a 00000000`00008887 ffff9a00`05dfcd50 ffff9a00`0bfbb930 : nt!KeBugCheckEx
  105. fffff60f`368fb2b0 fffff806`5b4e5333 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000004 : nt!MiUnlinkPageFromList+0x1ebb0b
  106. fffff60f`368fb390 fffff806`5b55e442 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRelinkStandbyPage+0x23
  107. fffff60f`368fb3c0 fffff806`5b7fe02d : ffffbf03`45449000 00000044`fa4f9e48 00000044`fa4f9e48 00000000`00000000 : nt!MmSetPfnListInfo+0x23a
  108. fffff60f`368fb4e0 fffff806`5b838476 : 00000000`00000000 0a000001`f426a025 fffff60f`368fb660 ffffbf03`45449000 : nt!PfpPfnPrioRequest+0x27d
  109. fffff60f`368fb560 fffff806`5b837b0d : fffff60f`00000000 00000000`00000000 00000000`00000000 fffff806`00000001 : nt!PfSetSuperfetchInformation+0x10e
  110. fffff60f`368fb660 fffff806`5b5ef475 : 00000000`00000000 00000000`00000000 fffff60f`368fbb80 00000000`000007fd : nt!NtSetSystemInformation+0x28d
  111. fffff60f`368fbb00 00007ff9`3104e2c4 : 00007ff9`254de4be 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
  112. 00000044`fa4f9d18 00007ff9`254de4be : 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 00000208`90e21db0 : 0x00007ff9`3104e2c4
  113. 00000044`fa4f9d20 00000207`8fb9c870 : 00007ff9`254de676 00000000`00000000 00000208`90e21db0 00000000`00000000 : 0x00007ff9`254de4be
  114. 00000044`fa4f9d28 00007ff9`254de676 : 00000000`00000000 00000208`90e21db0 00000000`00000000 00007ff9`254de438 : 0x00000207`8fb9c870
  115. 00000044`fa4f9d30 00000000`00000000 : 00000208`90e21db0 00000000`00000000 00007ff9`254de438 00000000`00000000 : 0x00007ff9`254de676
  116. STACK_COMMAND: kb
  117. CHKIMG_EXTENSION: !chkimg -lo 50 -d !FLTMGR
  118. fffff80657cdcd05-fffff80657cdcd06 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+35
  119. [ 48 ff:4c 8b ]
  120. fffff80657cdcd0c - FLTMGR!DeleteStreamListCtrlCallback+3c (+0x07)
  121. [ 0f:e8 ]
  122. fffff80657cdcd0e-fffff80657cdcd10 3 bytes - FLTMGR!DeleteStreamListCtrlCallback+3e (+0x02)
  123. [ 44 00 00:5b 83 03 ]
  124. fffff80657cdcd1a-fffff80657cdcd1b 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+4a (+0x0c)
  125. [ 48 ff:4c 8b ]
  126. fffff80657cdcd21-fffff80657cdcd25 5 bytes - FLTMGR!DeleteStreamListCtrlCallback+51 (+0x07)
  127. [ 0f 1f 44 00 00:e8 fa 63 74 03 ]
  128. fffff80657cdcd6a-fffff80657cdcd6b 2 bytes - FLTMGR!DeleteStreamListCtrlCallback+9a (+0x49)
  129. [ 48 ff:4c 8b ]
  130. fffff80657cdcd71-fffff80657cdcd77 7 bytes - FLTMGR!DeleteStreamListCtrlCallback+a1 (+0x07)
  131. [ 0f 1f 44 00 00 48 ff:e8 fa 5b 74 03 4c 8b ]
  132. fffff80657cdcd7d-fffff80657cdcd81 5 bytes - FLTMGR!DeleteStreamListCtrlCallback+ad (+0x0c)
  133. [ 0f 1f 44 00 00:e8 5e eb 81 03 ]
  134. 27 errors : !FLTMGR (fffff80657cdcd05-fffff80657cdcd81)
  135. MODULE_NAME: memory_corruption
  136.  
  137. IMAGE_NAME: memory_corruption
  138.  
  139. FOLLOWUP_NAME: memory_corruption
  140. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  141. MEMORY_CORRUPTOR: LARGE
  142. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  143. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  144. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  145. TARGET_TIME: 2020-07-16T17:43:03.000Z
  146. SUITE_MASK: 272
  147. PRODUCT_TYPE: 1
  148. USER_LCID: 0
  149. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  150. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  151. Followup: memory_corruption
  152.  
  153. ====================== Dump #1: 3RD PARTY DRIVERS ======================
  154.  
  155. May 05 2015 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  156. May 29 2015 - RtsPer.sys - Realtek RTS PCIE Reader driver https://www.realtek.com/en/
  157. Jun 29 2015 - btfilter.sys - Qualcomm Atheros BT Filter driver https://www.qualcomm.com/
  158. Jul 07 2015 - AtihdWT6.sys - AMD High Definition Audio Function driver http://support.amd.com/
  159. Jul 21 2015 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
  160. Jul 29 2015 - SynRMIHID.sys - Synaptics I2C Driver (Synaptics Incorporated) https://www.symantec.com/
  161. Jan 28 2016 - athw8x.sys - Atheros Wireless LAN driver (Qualcomm)
  162. Aug 16 2019 - atikmdag.sys - ATI Radeon Kernel Mode driver
  163. Aug 16 2019 - atikmpag.sys - ATI video card driver
  164. Nov 20 2019 - mbamswissarmy.sys - MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
  165.  
  166. ================== Dump #1: 3RD PARTY DRIVERS (FULL) ===================
  167.  
  168. Image path: \SystemRoot\System32\drivers\rt640x64.sys
  169. Image name: rt640x64.sys
  170. Search : https://www.google.com/search?q=rt640x64.sys
  171. ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  172. Timestamp : Tue May 5 2015
  173.  
  174. Image path: \SystemRoot\system32\DRIVERS\RtsPer.sys
  175. Image name: RtsPer.sys
  176. Search : https://www.google.com/search?q=RtsPer.sys
  177. ADA Info : Realtek RTS PCIE Reader driver https://www.realtek.com/en/
  178. Timestamp : Fri May 29 2015
  179.  
  180. Image path: \SystemRoot\system32\DRIVERS\btfilter.sys
  181. Image name: btfilter.sys
  182. Search : https://www.google.com/search?q=btfilter.sys
  183. ADA Info : Qualcomm Atheros BT Filter driver https://www.qualcomm.com/
  184. Timestamp : Mon Jun 29 2015
  185.  
  186. Image path: \SystemRoot\system32\drivers\AtihdWT6.sys
  187. Image name: AtihdWT6.sys
  188. Search : https://www.google.com/search?q=AtihdWT6.sys
  189. ADA Info : AMD High Definition Audio Function driver http://support.amd.com/
  190. Timestamp : Tue Jul 7 2015
  191.  
  192. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  193. Image name: RTKVHD64.sys
  194. Search : https://www.google.com/search?q=RTKVHD64.sys
  195. ADA Info : Realtek Audio System driver https://www.realtek.com/en/
  196. Timestamp : Tue Jul 21 2015
  197.  
  198. Image path: \SystemRoot\system32\DRIVERS\SynRMIHID.sys
  199. Image name: SynRMIHID.sys
  200. Search : https://www.google.com/search?q=SynRMIHID.sys
  201. ADA Info : Synaptics I2C Driver (Synaptics Incorporated) https://www.symantec.com/
  202. Timestamp : Wed Jul 29 2015
  203.  
  204. Mapped memory image file: C:\ProgramData\dbg\sym\athw8x.sys\56A9E4F6427000\athw8x.sys
  205. Image path: \SystemRoot\System32\drivers\athw8x.sys
  206. Image name: athw8x.sys
  207. Search : https://www.google.com/search?q=athw8x.sys
  208. ADA Info : Atheros Wireless LAN driver (Qualcomm)
  209. Timestamp : Thu Jan 28 2016
  210. File version: 3.0.2.201
  211. Product version: 3.0.2.201
  212. File flags: 8 (Mask 3F) Private
  213. File OS: 40004 NT Win32
  214. File type: 3.6 Driver
  215. File date: 00000000.00000000
  216. CompanyName: Qualcomm Atheros Communications, Inc.
  217. ProductName: Driver for Qualcomm Atheros CB42/CB43/MB42/MB43 Network Adapter
  218. InternalName: ATHR.SYS
  219. OriginalFilename: ATHR.SYS
  220. ProductVersion: 3.0.2.201
  221. FileVersion: 3.0.2.201
  222. FileDescription: Qualcomm Atheros Extensible Wireless LAN device driver
  223. LegalCopyright: Copyright (C) 2001-2010 Qualcomm Atheros Communications, Inc.
  224.  
  225. Image path: \SystemRoot\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atikmdag.sys
  226. Image name: atikmdag.sys
  227. Search : https://www.google.com/search?q=atikmdag.sys
  228. ADA Info : ATI Radeon Kernel Mode driver
  229. Timestamp : Fri Aug 16 2019
  230.  
  231. Image path: \SystemRoot\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atikmpag.sys
  232. Image name: atikmpag.sys
  233. Search : https://www.google.com/search?q=atikmpag.sys
  234. ADA Info : ATI video card driver
  235. Timestamp : Fri Aug 16 2019
  236.  
  237. Image path: \SystemRoot\System32\Drivers\mbamswissarmy.sys
  238. Image name: mbamswissarmy.sys
  239. Search : https://www.google.com/search?q=mbamswissarmy.sys
  240. ADA Info : MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
  241. Timestamp : Wed Nov 20 2019
  242.  
  243. ====================== Dump #1: MICROSOFT DRIVERS ======================
  244.  
  245. ACPI.sys ACPI Driver for NT (Microsoft)
  246. acpiex.sys ACPIEx Driver (Microsoft)
  247. afd.sys Ancillary Function Driver for WinSock (Microsoft)
  248. afunix.sys AF_UNIX Socket Provider driver (Microsoft)
  249. AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
  250. ahcache.sys Application Compatibility Cache (Microsoft)
  251. amdppm.sys Processor Device Driver
  252. bam.sys BAM Kernal driver (Microsoft)
  253. BasicDisplay.sys Basic Display driver (Microsoft)
  254. BasicRender.sys Basic Render driver (Microsoft)
  255. BATTC.SYS Battery Class driver (Microsoft)
  256. Beep.SYS BEEP driver (Microsoft)
  257. bindflt.sys Windows Bind Filter driver (Microsoft)
  258. BOOTVID.dll VGA Boot Driver (Microsoft)
  259. bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
  260. BTHport.sys Bluetooth Bus driver (Microsoft)
  261. BTHUSB.sys Bluetooth Miniport driver (Microsoft)
  262. CAD.sys Charge Arbiration driver (Microsoft)
  263. cdd.dll Canonical Display Driver (Microsoft)
  264. cdrom.sys SCSI CD-ROM Driver (Microsoft)
  265. CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
  266. CI.dll Code Integrity Module (Microsoft)
  267. CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
  268. CLASSPNP.SYS SCSI Class System Dll (Microsoft)
  269. cldflt.sys Cloud Files Mini Filter driver (Microsoft)
  270. CLFS.SYS Common Log File System Driver (Microsoft)
  271. clipsp.sys CLIP Service (Microsoft)
  272. CmBatt.sys Control Method Battery driver (Microsoft)
  273. cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
  274. cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
  275. CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
  276. crashdmp.sys Crash Dump driver (Microsoft)
  277. csc.sys Windows Client Side Caching driver (Microsoft)
  278. dfsc.sys DFS Namespace Client Driver (Microsoft)
  279. disk.sys PnP Disk Driver (Microsoft)
  280. drmk.sys Digital Rights Management (DRM) driver (Microsoft)
  281. dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  282. dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  283. dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  284. dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
  285. dxgmms2.sys DirectX Graphics MMS
  286. EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
  287. filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
  288. fileinfo.sys FileInfo Filter Driver (Microsoft)
  289. FLTMGR.SYS Filesystem Filter Manager (Microsoft)
  290. Fs_Rec.sys File System Recognizer Driver (Microsoft)
  291. fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
  292. fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
  293. gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
  294. hal.dll Hardware Abstraction Layer DLL (Microsoft)
  295. HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
  296. HIDCLASS.SYS Hid Class Library (Microsoft)
  297. HIDPARSE.SYS Hid Parsing Library (Microsoft)
  298. hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
  299. HTTP.sys HTTP Protocol Stack (Microsoft)
  300. i8042prt.sys i8042 Keyboard / PS/2 Mouse driver (Microsoft)
  301. intelpep.sys Intel Power Engine Plugin (Microsoft)
  302. IntelTA.sys Intel Telemetry Driver
  303. iorate.sys I/O rate control Filter (Microsoft)
  304. kbdclass.sys Keyboard Class Driver (Microsoft)
  305. kd.dll Local Kernal Debugger (Microsoft)
  306. kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
  307. ks.sys Kernal CSA Library (Microsoft)
  308. ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
  309. ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
  310. ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
  311. lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
  312. luafv.sys LUA File Virtualization Filter Driver (Microsoft)
  313. mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
  314. mmcss.sys MMCSS Driver (Microsoft)
  315. monitor.sys Monitor Driver (Microsoft)
  316. mouclass.sys Mouse Class Driver (Microsoft)
  317. mouhid.sys HID Mouse Filter Driver (Microsoft)
  318. mountmgr.sys Mount Point Manager (Microsoft)
  319. MpKslDrv.sys Microsoft Anti-malware Protection driver
  320. mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
  321. mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
  322. mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
  323. Msfs.SYS Mailslot driver (Microsoft)
  324. msisadrv.sys ISA Driver (Microsoft)
  325. mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
  326. msquic.sys Windows QUIC Driver
  327. msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
  328. mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
  329. mssmbios.sys System Management BIOS driver (Microsoft)
  330. MTConfig.sys Microsoft Multi-Touch HID Driver (Microsoft)
  331. mup.sys Multiple UNC Provider driver (Microsoft)
  332. ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
  333. ndiscap.sys Microsoft NDIS Packet Capture Filter Driver
  334. ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
  335. ndisuio.sys NDIS User mode I/O driver (Microsoft)
  336. NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
  337. ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
  338. NDProxy.sys NDIS Proxy driver (Microsoft)
  339. Ndu.sys Network Data Usage Monitoring driver (Microsoft)
  340. netbios.sys NetBIOS Interface driver (Microsoft)
  341. netbt.sys MBT Transport driver (Microsoft)
  342. NETIO.SYS Network I/O Subsystem (Microsoft)
  343. Npfs.SYS NPFS driver (Microsoft)
  344. npsvctrig.sys Named pipe service triggers (Microsoft)
  345. nsiproxy.sys NSI Proxy driver (Microsoft)
  346. Ntfs.sys NT File System Driver (Microsoft)
  347. ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
  348. ntosext.sys NTOS Extension Host driver (Microsoft)
  349. Null.SYS NULL Driver (Microsoft)
  350. nwifi.sys NativeWiFi Miniport Driver (Microsoft)
  351. pacer.sys QoS Packet Scheduler (Microsoft)
  352. partmgr.sys Partition driver (Microsoft)
  353. pci.sys NT Plug and Play PCI Enumerator (Microsoft)
  354. pcw.sys Performance Counter Driver (Microsoft)
  355. pdc.sys Power Dependency Coordinator Driver (Microsoft)
  356. peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
  357. portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
  358. PSHED.dll Platform Specific Hardware Error driver (Microsoft)
  359. rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
  360. raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
  361. raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
  362. rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
  363. rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
  364. rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
  365. rdyboost.sys ReadyBoost Driver (Microsoft)
  366. rspndr.sys Link-Layer Topology Responder driver (Microsoft)
  367. SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
  368. SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
  369. spaceport.sys Storage Spaces driver (Microsoft)
  370. srv2.sys Smb 2.0 Server driver (Microsoft)
  371. srvnet.sys Server Network driver (Microsoft)
  372. storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
  373. storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
  374. storqosflt.sys Storage QoS Filter driver (Microsoft)
  375. swenum.sys Plug and Play Software Device Enumerator (Microsoft)
  376. tbs.sys Export driver for kernel mode TPM API (Microsoft)
  377. tcpip.sys TCP/IP Protocol driver (Microsoft)
  378. tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
  379. TDI.SYS TDI Wrapper driver (Microsoft)
  380. tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
  381. tm.sys Kernel Transaction Manager driver (Microsoft)
  382. ucx01000.sys USB Controller Extension (Microsoft)
  383. umbus.sys User-Mode Bus Enumerator (Microsoft)
  384. usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
  385. USBD.SYS Universal Serial Bus Driver (Microsoft)
  386. usbehci.sys EHCI eUSB Miniport Driver (Microsoft)
  387. usbhub.sys Default Hub Driver for USB (Microsoft)
  388. UsbHub3.sys USB3 HUB driver (Microsoft)
  389. usbohci.sys OHCI USB Miniport Driver (Microsoft)
  390. USBPORT.SYS USB 1.1 & 2.0 Port Driver (Microsoft)
  391. usbvideo.sys USB Video Class Driver (Microsoft)
  392. USBXHCI.SYS USB XHCI driver (Microsoft)
  393. vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
  394. Vid.sys Microsoft Hyper-V Virtualization Infrastructure Driver
  395. volmgr.sys Volume Manager Driver (Microsoft)
  396. volmgrx.sys Volume Manager Extension Driver (Microsoft)
  397. volsnap.sys Volume Shadow Copy driver (Microsoft)
  398. volume.sys Volume driver (Microsoft)
  399. vwifibus.sys Virtual Wireless Bus driver (Microsoft)
  400. vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
  401. vwifimp.sys Virtual WiFi Miniport Driver (Microsoft)
  402. wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
  403. watchdog.sys Watchdog driver (Microsoft)
  404. wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
  405. Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
  406. WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
  407. WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
  408. WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
  409. werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
  410. wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
  411. win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
  412. win32kbase.sys Base Win32k Kernel Driver (Microsoft)
  413. win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
  414. WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
  415. WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
  416. winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
  417. wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
  418. WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
  419. Wof.sys Windows Overlay Filter (Microsoft)
  420. WppRecorder.sys WPP Trace Recorder (Microsoft)
  421.  
  422. ====================== Dump #1: UNLOADED MODULES =======================
  423.  
  424. fffff806`5f940000 fffff806`5f951000 MSKSSRV.sys
  425. fffff806`5fcd0000 fffff806`5fcdf000 dump_storpor
  426. fffff806`5fd20000 fffff806`5fd53000 dump_storahc
  427. fffff806`5fd80000 fffff806`5fd9e000 dump_dumpfve
  428. fffff806`606c0000 fffff806`606cc000 WdmCompanion
  429. fffff806`5f760000 fffff806`5f77c000 dam.sys
  430. fffff806`5d800000 fffff806`5d811000 WdBoot.sys
  431. fffff806`5d7f0000 fffff806`5d7f9000 MbamElam.sys
  432. fffff806`5e930000 fffff806`5e940000 hwpolicy.sys
  433.  
  434. ====================== Dump #1: BIOS INFORMATION =======================
  435.  
  436. [SMBIOS Data Tables v2.8]
  437. [DMI Version - 0]
  438. [2.0 Calling Convention - No]
  439. [Table Size - 1471 bytes]
  440. [BIOS Information (Type 0) - Length 24 - Handle 0000h]
  441. Vendor Insyde Corp.
  442. BIOS Version V1.15
  443. BIOS Starting Address Segment e000
  444. BIOS Release Date 07/06/2015
  445. BIOS ROM Size 800000
  446. BIOS Characteristics
  447. 07: - PCI Supported
  448. 11: - Upgradeable FLASH BIOS
  449. 12: - BIOS Shadowing Supported
  450. 15: - CD-Boot Supported
  451. 16: - Selectable Boot Supported
  452. 19: - EDD Supported
  453. 20: - NEC 9800 J-Floppy Supported
  454. 21: - Toshiba J-Floppy Supported
  455. 22: - 360KB Floppy Supported
  456. 23: - 1.2MB Floppy Supported
  457. 24: - 720KB Floppy Supported
  458. 25: - 2.88MB Floppy Supported
  459. 27: - Keyboard Services Supported
  460. 30: - CGA/Mono Services Supported
  461. BIOS Characteristic Extensions
  462. 00: - ACPI Supported
  463. 01: - USB Legacy Supported
  464. 08: - BIOS Boot Specification Supported
  465. 10: - Specification Reserved
  466. 11: - Specification Reserved
  467. BIOS Major Revision 1
  468. BIOS Minor Revision 15
  469. EC Firmware Major Revision 1
  470. EC Firmware Minor Revision 15
  471. [System Information (Type 1) - Length 27 - Handle 0001h]
  472. Manufacturer Acer
  473. Product Name Aspire E5-551G
  474. Version V1.15
  475. UUID 00000000-0000-0000-0000-000000000000
  476. Wakeup Type Power Switch
  477. SKUNumber Aspire E5-551G_086A_V1.15
  478. Family KV
  479. [BaseBoard Information (Type 2) - Length 16 - Handle 0002h]
  480. Manufacturer Acer
  481. Product EA50_KV
  482. Version V1.15
  483. Feature Flags 09h
  484. -1923041568: - -1923041520: - «Eºþ
  485. Location Base Board Chassis Location
  486. Chassis Handle 0003h
  487. Board Type 0ah - Processor/Memory Module
  488. Number of Child Handles 0
  489. [System Enclosure (Type 3) - Length 23 - Handle 0003h]
  490. Manufacturer Acer
  491. Chassis Type Notebook
  492. Version Chassis Version
  493. Bootup State Safe
  494. Power Supply State Safe
  495. Thermal State Safe
  496. Security Status None
  497. OEM Defined 0
  498. Height 0U
  499. Number of Power Cords 1
  500. Number of Contained Elements 0
  501. Contained Element Size 0
  502. [Processor Information (Type 4) - Length 42 - Handle 0004h]
  503. Socket Designation Socket FP3
  504. Processor Type Central Processor
  505. Processor Family 48h - Specification Reserved
  506. Processor Manufacturer AMD processor
  507. Processor ID 010f6300fffb8b17
  508. Processor Version AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G
  509. Processor Voltage 8ah - 1.0V
  510. External Clock 100MHz
  511. Max Speed 1900MHz
  512. Current Speed 1900MHz
  513. Status Enabled Populated
  514. Processor Upgrade None
  515. L1 Cache Handle 0005h
  516. L2 Cache Handle 0006h
  517. L3 Cache Handle [Not Present]
  518. Part Number FFFF
  519. [Cache Information (Type 7) - Length 19 - Handle 0005h]
  520. Socket Designation L1 Cache
  521. Cache Configuration 0180h - WB Enabled Int NonSocketed L1
  522. Maximum Cache Size 0100h - 256K
  523. Installed Size 0100h - 256K
  524. Supported SRAM Type 0010h - Pipeline-Burst
  525. Current SRAM Type 0010h - Pipeline-Burst
  526. Cache Speed 1ns
  527. Error Correction Type Specification Reserved
  528. System Cache Type Unified
  529. Associativity 2-way Set-Associative
  530. [Cache Information (Type 7) - Length 19 - Handle 0006h]
  531. Socket Designation L2 Cache
  532. Cache Configuration 0181h - WB Enabled Int NonSocketed L2
  533. Maximum Cache Size 8040h - 4096K
  534. Installed Size 8040h - 4096K
  535. Supported SRAM Type 0010h - Pipeline-Burst
  536. Current SRAM Type 0010h - Pipeline-Burst
  537. Cache Speed 1ns
  538. Error Correction Type Specification Reserved
  539. System Cache Type Unified
  540. Associativity 16-way Set-Associative
  541. [Onboard Devices Information (Type 10) - Length 6 - Handle 0007h]
  542. Number of Devices 1
  543. 01: Type Video [enabled]
  544. 01: Description Video Graphics Controller
  545. [Onboard Devices Information (Type 10) - Length 6 - Handle 0008h]
  546. Number of Devices 1
  547. 01: Type Ethernet [enabled]
  548. 01: Description Realtek Lan Controller
  549. [OEM Strings (Type 11) - Length 5 - Handle 0009h]
  550. Number of Strings 5
  551. 1 Acer System
  552. 2 String2 for Original Equipment Manufacturer
  553. 3 String3 for Original Equipment Manufacturer
  554. 4 String4 for Original Equipment Manufacturer
  555. 5 String5 for Original Equipment Manufacturer
  556. [System Configuration Options (Type 12) - Length 5 - Handle 000ah]
  557. [Physical Memory Array (Type 16) - Length 23 - Handle 000bh]
  558. Location 03h - SystemBoard/Motherboard
  559. Use 03h - System Memory
  560. Memory Error Correction 03h - None
  561. Maximum Capacity 33554432KB
  562. Number of Memory Devices 2
  563. [Memory Device (Type 17) - Length 40 - Handle 000ch]
  564. Physical Memory Array Handle 000bh
  565. Total Width 0 bits
  566. Data Width 0 bits
  567. Form Factor 00h - Specification Reserved
  568. Device Locator DIMM 0
  569. Bank Locator CHANNEL A
  570. Memory Type 02h - Unknown
  571. Type Detail 0004h - Unknown
  572. Speed 0MHz
  573. Manufacturer Empty
  574. Part Number Empty
  575. [Memory Device (Type 17) - Length 40 - Handle 000dh]
  576. Physical Memory Array Handle 000bh
  577. Total Width 64 bits
  578. Data Width 64 bits
  579. Size 8192MB
  580. Form Factor 0dh - SODIMM
  581. Device Locator DIMM 0
  582. Bank Locator CHANNEL B
  583. Memory Type 18h - Specification Reserved
  584. Type Detail 4080h - Synchronous
  585. Speed 1600MHz
  586. Manufacturer Kingston
  587. Part Number ACR16D3LS1KNG/8G
  588. [Memory Array Mapped Address (Type 19) - Length 31 - Handle 000eh]
  589. Starting Address 00000000h
  590. Ending Address 007fffffh
  591. Memory Array Handle 000bh
  592. Partition Width 255
  593. [Memory Device Mapped Address (Type 20) - Length 35 - Handle 000fh]
  594. Starting Address 00000000h
  595. Ending Address 007fffffh
  596. Memory Device Handle 000dh
  597. Mem Array Mapped Adr Handle 000eh
  598.  
  599. ========================== Dump #1: Extra #1 ===========================
  600.  
  601. 2: kd> !verifier
  602. Verify Flags Level 0x00000000
  603. STANDARD FLAGS:
  604. [X] (0x00000000) Automatic Checks
  605. [ ] (0x00000001) Special pool
  606. [ ] (0x00000002) Force IRQL checking
  607. [ ] (0x00000008) Pool tracking
  608. [ ] (0x00000010) I/O verification
  609. [ ] (0x00000020) Deadlock detection
  610. [ ] (0x00000080) DMA checking
  611. [ ] (0x00000100) Security checks
  612. [ ] (0x00000800) Miscellaneous checks
  613. [ ] (0x00020000) DDI compliance checking
  614. ADDITIONAL FLAGS:
  615. [ ] (0x00000004) Randomized low resources simulation
  616. [ ] (0x00000200) Force pending I/O requests
  617. [ ] (0x00000400) IRP logging
  618. [ ] (0x00002000) Invariant MDL checking for stack
  619. [ ] (0x00004000) Invariant MDL checking for driver
  620. [ ] (0x00008000) Power framework delay fuzzing
  621. [ ] (0x00010000) Port/miniport interface checking
  622. [ ] (0x00040000) Systematic low resources simulation
  623. [ ] (0x00080000) DDI compliance checking (additional)
  624. [ ] (0x00200000) NDIS/WIFI verification
  625. [ ] (0x00800000) Kernel synchronization delay fuzzing
  626. [ ] (0x01000000) VM switch verification
  627. [ ] (0x02000000) Code integrity checks
  628. [X] Indicates flag is enabled
  629. Summary of All Verifier Statistics
  630. RaiseIrqls 0x0
  631. AcquireSpinLocks 0x0
  632. Synch Executions 0x0
  633. Trims 0x0
  634. Pool Allocations Attempted 0x0
  635. Pool Allocations Succeeded 0x0
  636. Pool Allocations Succeeded SpecialPool 0x0
  637. Pool Allocations With NO TAG 0x0
  638. Pool Allocations Failed 0x0
  639. Current paged pool allocations 0x0 for 00000000 bytes
  640. Peak paged pool allocations 0x0 for 00000000 bytes
  641. Current nonpaged pool allocations 0x0 for 00000000 bytes
  642. Peak nonpaged pool allocations 0x0 for 00000000 bytes
  643.  
  644. ========================== Dump #1: Extra #2 ===========================
  645.  
  646. 2: kd> !thread
  647. THREAD ffffbf034bf6e080 Cid 08cc.0910 Teb: 00000044fa26c000 Win32Thread: 0000000000000000 RUNNING on processor 2
  648. Impersonation token: ffffae0386276970 (Level Impersonation)
  649. GetUlongFromAddress: unable to read from fffff8065be1143c
  650. Owning Process ffffbf034bf18080 Image: svchost.exe
  651. Attached Process N/A Image: N/A
  652. fffff78000000000: Unable to get shared data
  653. Wait Start TickCount 5387 Ticks: 0
  654. Context Switch Count 559 IdealProcessor: 2
  655. ReadMemory error: Cannot get nt!KeMaximumIncrement value.
  656. UserTime 00:00:00.000
  657. KernelTime 00:00:00.000
  658. Win32 Start Address 0x00007ff9307fddf0
  659. Stack Init fffff60f368fbc90 Current fffff60f368faf00
  660. Base fffff60f368fc000 Limit fffff60f368f6000 Call 0000000000000000
  661. Priority 7 BasePriority 7 PriorityDecrement 0 IoPriority 2 PagePriority 5
  662. Child-SP RetAddr : Args to Child : Call Site
  663. fffff60f`368fb2a8 fffff806`5b60649b : 00000000`0000001a 00000000`00008887 ffff9a00`05dfcd50 ffff9a00`0bfbb930 : nt!KeBugCheckEx
  664. fffff60f`368fb2b0 fffff806`5b4e5333 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000004 : nt!MiUnlinkPageFromList+0x1ebb0b
  665. fffff60f`368fb390 fffff806`5b55e442 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRelinkStandbyPage+0x23
  666. fffff60f`368fb3c0 fffff806`5b7fe02d : ffffbf03`45449000 00000044`fa4f9e48 00000044`fa4f9e48 00000000`00000000 : nt!MmSetPfnListInfo+0x23a
  667. fffff60f`368fb4e0 fffff806`5b838476 : 00000000`00000000 0a000001`f426a025 fffff60f`368fb660 ffffbf03`45449000 : nt!PfpPfnPrioRequest+0x27d
  668. fffff60f`368fb560 fffff806`5b837b0d : fffff60f`00000000 00000000`00000000 00000000`00000000 fffff806`00000001 : nt!PfSetSuperfetchInformation+0x10e
  669. fffff60f`368fb660 fffff806`5b5ef475 : 00000000`00000000 00000000`00000000 fffff60f`368fbb80 00000000`000007fd : nt!NtSetSystemInformation+0x28d
  670. fffff60f`368fbb00 00007ff9`3104e2c4 : 00007ff9`254de4be 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffff60f`368fbb00)
  671. 00000044`fa4f9d18 00007ff9`254de4be : 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 00000208`90e21db0 : 0x00007ff9`3104e2c4
  672. 00000044`fa4f9d20 00000207`8fb9c870 : 00007ff9`254de676 00000000`00000000 00000208`90e21db0 00000000`00000000 : 0x00007ff9`254de4be
  673. 00000044`fa4f9d28 00007ff9`254de676 : 00000000`00000000 00000208`90e21db0 00000000`00000000 00007ff9`254de438 : 0x00000207`8fb9c870
  674. 00000044`fa4f9d30 00000000`00000000 : 00000208`90e21db0 00000000`00000000 00007ff9`254de438 00000000`00000000 : 0x00007ff9`254de676
  675.  
  676.  
  677. ========================================================================
  678. ======================= Dump #2: ANALYZE VERBOSE =======================
  679. =========================== File: MEMORY.DMP ===========================
  680. ========================================================================
  681.  
  682. Kernel Bitmap Dump File: Full address space is available
  683. Windows 10 Kernel Version 19041 MP (4 procs) Free x64
  684. Kernel base = 0xfffff806`5b200000 PsLoadedModuleList = 0xfffff806`5be2a310
  685. Debug session time: Thu Jul 16 13:43:03.464 2020 (UTC - 4:00)
  686. System Uptime: 0 days 0:01:24.179
  687.  
  688. BugCheck 1A, {8887, ffff9a0005dfcd50, ffff9a000bfbb930, 500}
  689. Probably caused by : memory_corruption
  690. Followup: memory_corruption
  691.  
  692. MEMORY_MANAGEMENT (1a)
  693. # Any other values for parameter 1 must be individually examined.
  694.  
  695. Arguments:
  696. Arg1: 0000000000008887, The subtype of the bugcheck.
  697. Arg2: ffff9a0005dfcd50
  698. Arg3: ffff9a000bfbb930
  699. Arg4: 0000000000000500
  700.  
  701. Debugging Details:
  702. DUMP_CLASS: 1
  703. DUMP_QUALIFIER: 402
  704. DUMP_TYPE: 0
  705. BUGCHECK_STR: 0x1a_8887
  706. DEFAULT_BUCKET_ID: CODE_CORRUPTION
  707.  
  708. PROCESS_NAME: svchost.exe
  709.  
  710. CURRENT_IRQL: 2
  711. STACK_TEXT:
  712. fffff60f`368fb2a8 fffff806`5b60649b : 00000000`0000001a 00000000`00008887 ffff9a00`05dfcd50 ffff9a00`0bfbb930 : nt!KeBugCheckEx
  713. fffff60f`368fb2b0 fffff806`5b4e5333 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000004 : nt!MiUnlinkPageFromList+0x1ebb0b
  714. fffff60f`368fb390 fffff806`5b55e442 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRelinkStandbyPage+0x23
  715. fffff60f`368fb3c0 fffff806`5b7fe02d : ffffbf03`45449000 00000044`fa4f9e48 00000044`fa4f9e48 00000000`00000000 : nt!MmSetPfnListInfo+0x23a
  716. fffff60f`368fb4e0 fffff806`5b838476 : 00000000`00000000 0a000001`f426a025 fffff60f`368fb660 ffffbf03`45449000 : nt!PfpPfnPrioRequest+0x27d
  717. fffff60f`368fb560 fffff806`5b837b0d : fffff60f`00000000 00000000`00000000 00000000`00000000 fffff806`00000001 : nt!PfSetSuperfetchInformation+0x10e
  718. fffff60f`368fb660 fffff806`5b5ef475 : 00000000`00000000 00000000`00000000 fffff60f`368fbb80 00000000`000007fd : nt!NtSetSystemInformation+0x28d
  719. fffff60f`368fbb00 00007ff9`3104e2c4 : 00007ff9`254de4be 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25
  720. 00000044`fa4f9d18 00007ff9`254de4be : 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 00000208`90e21db0 : ntdll!NtSetSystemInformation+0x14
  721. 00000044`fa4f9d20 00007ff9`254de438 : 00000000`00000000 00000208`90e21e48 00000208`90e21db0 00000000`00000000 : sysmain!PfsPfnSetRequestIssue+0x1a
  722. 00000044`fa4f9d50 00007ff9`254de304 : 00000000`00000000 00000044`fa4f9e00 00000208`90e21e40 00000000`00000000 : sysmain!PfsPfnsSetPriorityHelper+0x110
  723. 00000044`fa4f9da0 00007ff9`254f0d63 : 00000208`90e48ed0 00000208`90e48ed0 00000208`90e46b80 00000000`00000000 : sysmain!PfsPfnsQuerySetPriority+0x1fc
  724. 00000044`fa4fd040 00007ff9`2552a242 : 00000208`90e46b80 00000000`00000001 00000000`00000003 00000044`fa4fe3e0 : sysmain!PfWsClassicWsMgrBootDeprioProcess+0x49057
  725. 00000044`fa4fd0c0 00007ff9`2552a7d8 : 00000000`00000003 00000000`e4a9bbbd 00000044`fa4fd220 00000000`00000000 : sysmain!PfWsClassicWsMgrStart+0x3e
  726. 00000044`fa4fd0f0 00007ff9`254f6a61 : 00000000`00020000 00000000`00000000 00000000`00000000 00000000`00000000 : sysmain!PfWsWsMgrsStart+0x64
  727. 00000044`fa4fd120 00007ff9`2550b6ce : 00000000`00000000 00000044`fa4ff7e0 ffffffff`ffffffff 00000207`8f214870 : sysmain!PfSvcMainThreadWorker+0xbd1
  728. 00000044`fa4ff780 00007ff9`254f7fff : 00000044`fa4ff7e0 00000000`00000000 00000000`00000000 00000044`00000004 : sysmain!PfSvcMainThread+0x22
  729. 00000044`fa4ff7c0 00007ff6`0a154140 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffffff`ffffffff : sysmain!SysMtServiceMain+0x10f
  730. 00000044`fa4ff800 00007ff9`307fde18 : 00000000`00000000 00000207`8f2172f0 00000207`8f2172f0 00000000`00000000 : svchost!ServiceStarter+0x310
  731. 00000044`fa4ff930 00007ff9`2f3e6fd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ScSvcctrlThreadA+0x28
  732. 00000044`fa4ff960 00007ff9`30ffcec1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
  733. 00000044`fa4ff990 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
  734. STACK_COMMAND: kb
  735. CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
  736. fffff8065b335620-fffff8065b335622 3 bytes - nt!_guard_check_icall_fptr
  737. [ 00 4f 58:b0 66 5e ]
  738. fffff8065b335628-fffff8065b33562a 3 bytes - nt!_guard_dispatch_icall_fptr (+0x08)
  739. [ 30 98 5d:00 67 5e ]
  740. fffff8065b4082c9 - nt!MiDeleteCachedKernelStack+3d
  741. [ f6:e4 ]
  742. fffff8065b408395 - nt!MiDeleteKernelStack+a5 (+0xcc)
  743. [ f6:e4 ]
  744. fffff8065b40856b-fffff8065b40856c 2 bytes - nt!MiDeleteKernelStack+27b (+0x1d6)
  745. [ 80 fa:00 9a ]
  746. fffff8065b40b2cd - nt!MiUnlockVa+35 (+0x2d62)
  747. [ f6:e4 ]
  748. fffff8065b40b379-fffff8065b40b37a 2 bytes - nt!MiUnlockVa+e1 (+0xac)
  749. [ 80 fa:00 9a ]
  750. fffff8065b40b43d - nt!MiUnlockWsle+89 (+0xc4)
  751. [ f6:e4 ]
  752. fffff8065b40b4a0-fffff8065b40b4a1 2 bytes - nt!MiUnlockWsle+ec (+0x63)
  753. [ 80 fa:00 9a ]
  754. fffff8065b40b4d4-fffff8065b40b4d5 2 bytes - nt!MiUnlockWsle+120 (+0x34)
  755. [ fb f6:f2 e4 ]
  756. fffff8065b40b5d5-fffff8065b40b5d6 2 bytes - nt!MiUnlockPageTableCharges+1d (+0x101)
  757. [ 80 fa:00 9a ]
  758. fffff8065b40b72c-fffff8065b40b72d 2 bytes - nt!MiUnlockPageTableCharges+174 (+0x157)
  759. [ 80 fa:00 9a ]
  760. fffff8065b40b875 - nt!MiIsLowestPageTablePage+31 (+0x149)
  761. [ f6:e4 ]
  762. fffff8065b40b887 - nt!MiIsLowestPageTablePage+43 (+0x12)
  763. [ f6:e4 ]
  764. fffff8065b40b945 - nt!MiConvertAndFlushWsleVas+51 (+0xbe)
  765. [ f6:e4 ]
  766. fffff8065b40b976-fffff8065b40b977 2 bytes - nt!MiConvertAndFlushWsleVas+82 (+0x31)
  767. [ fb f6:f2 e4 ]
  768. fffff8065b40b999 - nt!MiConvertAndFlushWsleVas+a5 (+0x23)
  769. [ f6:e4 ]
  770. fffff8065b40ba10-fffff8065b40ba11 2 bytes - nt!MiConvertAndFlushWsleVas+11c (+0x77)
  771. [ 80 fa:00 9a ]
  772. fffff8065b40bba8 - nt!MiGetWsleContents+18 (+0x198)
  773. [ f6:e4 ]
  774. fffff8065b40bbb4-fffff8065b40bbb8 5 bytes - nt!MiGetWsleContents+24 (+0x0c)
  775. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  776. fffff8065b40bbda-fffff8065b40bbde 5 bytes - nt!MiGetWsleContents+4a (+0x26)
  777. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  778. fffff8065b40bdb4 - nt!NtLockVirtualMemory+184 (+0x1da)
  779. [ f6:e4 ]
  780. fffff8065b40be71-fffff8065b40be72 2 bytes - nt!NtLockVirtualMemory+241 (+0xbd)
  781. [ fb f6:f2 e4 ]
  782. fffff8065b40bf16-fffff8065b40bf17 2 bytes - nt!NtLockVirtualMemory+2e6 (+0xa5)
  783. [ 80 fa:00 9a ]
  784. fffff8065b40bf9d-fffff8065b40bf9e 2 bytes - nt!NtLockVirtualMemory+36d (+0x87)
  785. [ 80 fa:00 9a ]
  786. fffff8065b40c0cd-fffff8065b40c0ce 2 bytes - nt!NtLockVirtualMemory+49d (+0x130)
  787. [ fb f6:f2 e4 ]
  788. fffff8065b40c154 - nt!NtLockVirtualMemory+524 (+0x87)
  789. [ f6:e4 ]
  790. fffff8065b40c4db - nt!NtLockVirtualMemory+8ab (+0x387)
  791. [ f6:e4 ]
  792. fffff8065b40c565-fffff8065b40c566 2 bytes - nt!NtLockVirtualMemory+935 (+0x8a)
  793. [ fb f6:f2 e4 ]
  794. fffff8065b40e1c7 - nt!MiInitializeWalkBounds+c7 (+0x1c62)
  795. [ f6:e4 ]
  796. fffff8065b40e1d8 - nt!MiInitializeWalkBounds+d8 (+0x11)
  797. [ f7:e5 ]
  798. fffff8065b40e2e9 - nt!MiWalkPageTables+39 (+0x111)
  799. [ f6:e4 ]
  800. fffff8065b40e308-fffff8065b40e30d 6 bytes - nt!MiWalkPageTables+58 (+0x1f)
  801. [ 68 df be 7d fb f6:48 9e 3c 79 f2 e4 ]
  802. fffff8065b40e33e - nt!MiWalkPageTables+8e (+0x36)
  803. [ f6:e4 ]
  804. fffff8065b40e556-fffff8065b40e55b 6 bytes - nt!MiWalkPageTables+2a6 (+0x218)
  805. [ 68 df be 7d fb f6:48 9e 3c 79 f2 e4 ]
  806. fffff8065b40e584-fffff8065b40e588 5 bytes - nt!MiWalkPageTables+2d4 (+0x2e)
  807. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  808. fffff8065b40e58e-fffff8065b40e592 5 bytes - nt!MiWalkPageTables+2de (+0x0a)
  809. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  810. fffff8065b40e65e - nt!MiWalkPageTables+3ae (+0xd0)
  811. [ f6:e4 ]
  812. fffff8065b40e79d-fffff8065b40e79e 2 bytes - nt!MiLockPageTablePage+5d (+0x13f)
  813. [ 80 fa:00 9a ]
  814. fffff8065b40e8f6-fffff8065b40e8f7 2 bytes - nt!MiLockPageTablePage+1b6 (+0x159)
  815. [ 80 fa:00 9a ]
  816. fffff8065b40eab2-fffff8065b40eab3 2 bytes - nt!MiLockPageTablePage+372 (+0x1bc)
  817. [ 80 fa:00 9a ]
  818. fffff8065b40eb1c-fffff8065b40eb1d 2 bytes - nt!MiLockPageTablePage+3dc (+0x6a)
  819. [ 80 fa:00 9a ]
  820. fffff8065b40ec48 - nt!MiProbeAndLockPrepare+98 (+0x12c)
  821. [ f6:e4 ]
  822. fffff8065b40f1b3-fffff8065b40f1b7 5 bytes - nt!MiProbeAndLockPages+93 (+0x56b)
  823. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  824. fffff8065b40f1bd-fffff8065b40f1c1 5 bytes - nt!MiProbeAndLockPages+9d (+0x0a)
  825. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  826. fffff8065b40f33f-fffff8065b40f340 2 bytes - nt!MiProbeAndLockPages+21f (+0x182)
  827. [ 80 fa:00 9a ]
  828. fffff8065b40f38a-fffff8065b40f38e 5 bytes - nt!MiProbeAndLockPages+26a (+0x4b)
  829. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  830. fffff8065b40f411-fffff8065b40f415 5 bytes - nt!MiProbeAndLockPages+2f1 (+0x87)
  831. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  832. fffff8065b40f423-fffff8065b40f427 5 bytes - nt!MiProbeAndLockPages+303 (+0x12)
  833. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  834. fffff8065b40f500-fffff8065b40f501 2 bytes - nt!MiProbeAndLockPages+3e0 (+0xdd)
  835. [ 80 fa:00 9a ]
  836. fffff8065b40f52c-fffff8065b40f52d 2 bytes - nt!MiProbeAndLockPages+40c (+0x2c)
  837. [ 80 fa:00 9a ]
  838. fffff8065b40f55f - nt!MiProbeAndLockPages+43f (+0x33)
  839. [ f6:e4 ]
  840. WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
  841. fffff8065b7df9aa-fffff8065b7df9ab 2 bytes - nt!ExpWnfGetNameStoreRegistryRoot+142
  842. [ 48 ff:4c 8b ]
  843. fffff8065b7df9b1-fffff8065b7df9b5 5 bytes - nt!ExpWnfGetNameStoreRegistryRoot+149 (+0x07)
  844. [ 0f 1f 44 00 00:e8 ba 93 d7 ff ]
  845. fffff8065b7fde82-fffff8065b7fde83 2 bytes - nt!PfpPfnPrioRequest+d2 (+0x1e4d1)
  846. [ 80 fa:00 9a ]
  847. fffff8065b8124ee-fffff8065b8124ef 2 bytes - nt!IopRetrieveTransactionParameters+3e (+0x1466c)
  848. [ 48 ff:4c 8b ]
  849. fffff8065b8124f5-fffff8065b8124f9 5 bytes - nt!IopRetrieveTransactionParameters+45 (+0x07)
  850. [ 0f 1f 44 00 00:e8 16 8b 2a fc ]
  851. fffff8065b8450e8-fffff8065b8450e9 2 bytes - nt!MiAllocateDriverPage+10c (+0x32bf3)
  852. [ 80 fa:00 9a ]
  853. fffff8065b86431e-fffff8065b864322 5 bytes - nt!MmHardFaultBytesRequired+5e (+0x1f236)
  854. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  855. fffff8065b864328-fffff8065b86432c 5 bytes - nt!MmHardFaultBytesRequired+68 (+0x0a)
  856. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  857. fffff8065b864554-fffff8065b864555 2 bytes - nt!MiRelocateImagePfn+94 (+0x22c)
  858. [ 80 fa:00 9a ]
  859. fffff8065b864564 - nt!MiRelocateImagePfn+a4 (+0x10)
  860. [ f6:e4 ]
  861. fffff8065b86457f - nt!MiRelocateImagePfn+bf (+0x1b)
  862. [ f6:e4 ]
  863. fffff8065b8645b7 - nt!MiRelocateImagePfn+f7 (+0x38)
  864. [ f6:e4 ]
  865. fffff8065b865390-fffff8065b865394 5 bytes - nt!MiPfPrepareReadList+1f0 (+0xdd9)
  866. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  867. fffff8065b86539a-fffff8065b86539e 5 bytes - nt!MiPfPrepareReadList+1fa (+0x0a)
  868. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  869. fffff8065b865560-fffff8065b865561 2 bytes - nt!MiPfPrepareReadList+3c0 (+0x1c6)
  870. [ 80 fa:00 9a ]
  871. fffff8065b86565c-fffff8065b865660 5 bytes - nt!MiPfPrepareReadList+4bc (+0xfc)
  872. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  873. fffff8065b865666-fffff8065b86566a 5 bytes - nt!MiPfPrepareReadList+4c6 (+0x0a)
  874. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  875. fffff8065b8663d5-fffff8065b8663d9 5 bytes - nt!MiPfPrepareSequentialReadList+235 (+0xd6f)
  876. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  877. fffff8065b8663eb-fffff8065b8663ef 5 bytes - nt!MiPfPrepareSequentialReadList+24b (+0x16)
  878. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  879. fffff8065b86668a-fffff8065b86668e 5 bytes - nt!MiPfPrepareSequentialReadList+4ea (+0x29f)
  880. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  881. fffff8065b866763-fffff8065b866764 2 bytes - nt!MiPfPrepareSequentialReadList+5c3 (+0xd9)
  882. [ 80 fa:00 9a ]
  883. fffff8065b86ae5c-fffff8065b86ae60 5 bytes - nt!MiIsRangeFullyCommitted+ac (+0x46f9)
  884. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  885. fffff8065b86ae66-fffff8065b86ae6a 5 bytes - nt!MiIsRangeFullyCommitted+b6 (+0x0a)
  886. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  887. fffff8065b87d1cc-fffff8065b87d1cd 2 bytes - nt!PiDqQuerySerializeActionQueue+c0 (+0x12366)
  888. [ 48 ff:4c 8b ]
  889. fffff8065b87d1d3-fffff8065b87d1d7 5 bytes - nt!PiDqQuerySerializeActionQueue+c7 (+0x07)
  890. [ 0f 1f 44 00 00:e8 d8 00 4f fc ]
  891. fffff8065b87d205-fffff8065b87d206 2 bytes - nt!PiDqQuerySerializeActionQueue+f9 (+0x32)
  892. [ 48 ff:4c 8b ]
  893. fffff8065b87d20c - nt!PiDqQuerySerializeActionQueue+100 (+0x07)
  894. [ 0f:e8 ]
  895. fffff8065b87d20e-fffff8065b87d210 3 bytes - nt!PiDqQuerySerializeActionQueue+102 (+0x02)
  896. [ 44 00 00:02 4f fc ]
  897. fffff8065b87d2b2-fffff8065b87d2b3 2 bytes - nt!PiDqQuerySerializeActionQueue+1a6 (+0xa4)
  898. [ 48 ff:4c 8b ]
  899. fffff8065b87d2b9-fffff8065b87d2bd 5 bytes - nt!PiDqQuerySerializeActionQueue+1ad (+0x07)
  900. [ 0f 1f 44 00 00:e8 72 04 4f fc ]
  901. fffff8065b87d3fe-fffff8065b87d3ff 2 bytes - nt!PiDqQuerySerializeActionQueue+2f2 (+0x145)
  902. [ 48 ff:4c 8b ]
  903. fffff8065b87d405-fffff8065b87d409 5 bytes - nt!PiDqQuerySerializeActionQueue+2f9 (+0x07)
  904. [ 0f 1f 44 00 00:e8 06 0b 4f fc ]
  905. fffff8065b87d7dd-fffff8065b87d7de 2 bytes - nt!PiDqIrpQueryCreate+115 (+0x3d8)
  906. [ 48 ff:4c 8b ]
  907. fffff8065b87d7e4-fffff8065b87d7e8 5 bytes - nt!PiDqIrpQueryCreate+11c (+0x07)
  908. [ 0f 1f 44 00 00:e8 87 fd 4e fc ]
  909. fffff8065b87d819-fffff8065b87d81a 2 bytes - nt!PiDqIrpQueryCreate+151 (+0x35)
  910. [ 48 ff:4c 8b ]
  911. fffff8065b87d820-fffff8065b87d824 5 bytes - nt!PiDqIrpQueryCreate+158 (+0x07)
  912. [ 0f 1f 44 00 00:e8 2b 02 4f fc ]
  913. fffff8065b88c8c0-fffff8065b88c8c1 2 bytes - nt!PspGetProcessParameterOverrides+34 (+0xf0a0)
  914. [ 48 ff:4c 8b ]
  915. fffff8065b88c8c7-fffff8065b88c8cb 5 bytes - nt!PspGetProcessParameterOverrides+3b (+0x07)
  916. [ 0f 1f 44 00 00:e8 34 86 cf ff ]
  917. fffff8065b8aca1f-fffff8065b8aca20 2 bytes - nt!CmCheckNoTxContext+f (+0x20158)
  918. [ 48 ff:4c 8b ]
  919. fffff8065b8aca26-fffff8065b8aca2a 5 bytes - nt!CmCheckNoTxContext+16 (+0x07)
  920. [ 0f 1f 44 00 00:e8 e5 e5 20 fc ]
  921. fffff8065b8c5de6-fffff8065b8c5de7 2 bytes - nt!SPCall2ServerInternal+183e (+0x193c0)
  922. [ 48 ff:4c 8b ]
  923. fffff8065b8c5ded-fffff8065b8c5df1 5 bytes - nt!SPCall2ServerInternal+1845 (+0x07)
  924. [ 0f 1f 44 00 00:e8 7e 2f c9 ff ]
  925. fffff8065b8d0f17-fffff8065b8d0f18 2 bytes - nt!MiCreateNewSection+703 (+0xb12a)
  926. [ 80 fa:00 9a ]
  927. fffff8065b8d3b96-fffff8065b8d3b97 2 bytes - nt!MiDeleteImageCreationMdls+92 (+0x2c7f)
  928. [ 80 fa:00 9a ]
  929. fffff8065b8d4842-fffff8065b8d4846 5 bytes - nt!MiChargeSegmentCommit+b2 (+0xcac)
  930. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  931. fffff8065b8d484c-fffff8065b8d4850 5 bytes - nt!MiChargeSegmentCommit+bc (+0x0a)
  932. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  933. fffff8065b8d56b6 - nt!MiPrefetchDriverPages+46 (+0xe6a)
  934. [ f6:e4 ]
  935. fffff8065b8d56bc-fffff8065b8d56c0 5 bytes - nt!MiPrefetchDriverPages+4c (+0x06)
  936. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  937. fffff8065b8d56c6-fffff8065b8d56ca 5 bytes - nt!MiPrefetchDriverPages+56 (+0x0a)
  938. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  939. fffff8065b8d6cc3-fffff8065b8d6cc4 2 bytes - nt!MmChangeImageProtection+153 (+0x15fd)
  940. [ 80 fa:00 9a ]
  941. WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
  942. fffff8065bba0315-fffff8065bba0316 2 bytes - nt!PopSaveHiberContext+115
  943. [ 48 ff:4c 8b ]
  944. fffff8065bba031c-fffff8065bba0320 5 bytes - nt!PopSaveHiberContext+11c (+0x07)
  945. [ 0f 1f 44 00 00:e8 bf 18 fb fb ]
  946. fffff8065bba16e0-fffff8065bba16e4 5 bytes - nt!MiUpdateUserMappings+18 (+0x13c4)
  947. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  948. fffff8065bba170f-fffff8065bba1713 5 bytes - nt!MiUpdateUserMappings+47 (+0x2f)
  949. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  950. fffff8065bba186e-fffff8065bba1872 5 bytes - nt!MiConvertHiberPhasePte+1e (+0x15f)
  951. [ d0 be 7d fb f6:90 3c 79 f2 e4 ]
  952. fffff8065bba187d-fffff8065bba1881 5 bytes - nt!MiConvertHiberPhasePte+2d (+0x0f)
  953. [ d7 be 7d fb f6:97 3c 79 f2 e4 ]
  954. fffff8065bba2155-fffff8065bba2156 2 bytes - nt!HalpMcaResumeProcessorConfig+85 (+0x8d8)
  955. [ 48 ff:4c 8b ]
  956. fffff8065bba215c-fffff8065bba2160 5 bytes - nt!HalpMcaResumeProcessorConfig+8c (+0x07)
  957. [ 0f 1f 44 00 00:e8 5f f4 fa fb ]
  958. fffff8065bba645b-fffff8065bba645c 2 bytes - nt!HalpMcaSetProcessorConfig+93 (+0x42ff)
  959. [ 48 ff:4c 8b ]
  960. fffff8065bba6462-fffff8065bba6466 5 bytes - nt!HalpMcaSetProcessorConfig+9a (+0x07)
  961. [ 0f 1f 44 00 00:e8 99 be fa fb ]
  962. fffff8065bbab1b6 - nt!MmInitializeProcessor+4a (+0x4d54)
  963. [ f6:e4 ]
  964. fffff8065bbac9e6-fffff8065bbac9e7 2 bytes - nt!HalpInitializeMce+ba (+0x1830)
  965. [ 48 ff:4c 8b ]
  966. fffff8065bbac9ed-fffff8065bbac9f1 5 bytes - nt!HalpInitializeMce+c1 (+0x07)
  967. [ 0f 1f 44 00 00:e8 0e 59 fa fb ]
  968. fffff8065bbac9ff-fffff8065bbaca00 2 bytes - nt!HalpInitializeMce+d3 (+0x12)
  969. [ 48 ff:4c 8b ]
  970. fffff8065bbaca06-fffff8065bbaca0a 5 bytes - nt!HalpInitializeMce+da (+0x07)
  971. [ 0f 1f 44 00 00:e8 a5 5c fa fb ]
  972. fffff8065bbb1993-fffff8065bbb1994 2 bytes - nt!HalpAcpiPostSleep+f7d7 (+0x4f8d)
  973. [ 48 ff:4c 8b ]
  974. fffff8065bbb199a-fffff8065bbb199e 5 bytes - nt!HalpAcpiPostSleep+f7de (+0x07)
  975. [ 0f 1f 44 00 00:e8 81 f6 ee fb ]
  976. fffff8065bbb1f08-fffff8065bbb1f09 2 bytes - nt!HaliLocateHiberRanges+f328 (+0x56e)
  977. [ 48 ff:4c 8b ]
  978. fffff8065bbb1f0f-fffff8065bbb1f13 5 bytes - nt!HaliLocateHiberRanges+f32f (+0x07)
  979. [ 0f 1f 44 00 00:e8 5c fc f9 fb ]
  980. fffff8065bbb3cc7-fffff8065bbb3cc8 2 bytes - nt!HalpInitializeMce+739b (+0x1db8)
  981. [ 48 ff:4c 8b ]
  982. fffff8065bbb3cce-fffff8065bbb3cd2 5 bytes - nt!HalpInitializeMce+73a2 (+0x07)
  983. [ 0f 1f 44 00 00:e8 fd e9 f9 fb ]
  984. fffff8065bbb3d41-fffff8065bbb3d42 2 bytes - nt!HalpInitializeMce+7415 (+0x73)
  985. [ 48 ff:4c 8b ]
  986. fffff8065bbb3d48-fffff8065bbb3d4c 5 bytes - nt!HalpInitializeMce+741c (+0x07)
  987. [ 0f 1f 44 00 00:e8 c3 e9 f9 fb ]
  988. fffff8065bbbc39c-fffff8065bbbc39d 2 bytes - nt!KdMarkHiberPhase+34 (+0x8654)
  989. [ 48 ff:4c 8b ]
  990. fffff8065bbbc3a3-fffff8065bbbc3a7 5 bytes - nt!KdMarkHiberPhase+3b (+0x07)
  991. [ 0f 1f 44 00 00:e8 f8 4c ee fb ]
  992. fffff8065bbbda31-fffff8065bbbda32 2 bytes - nt!MiMarkNonPagedHiberPhasePte+a1 (+0x168e)
  993. [ 80 fa:00 9a ]
  994. fffff8065bbbdb01-fffff8065bbbdb02 2 bytes - nt!MmMarkHiberPhase+75 (+0xd0)
  995. [ 80 fa:00 9a ]
  996. fffff8065bbbdb0e-fffff8065bbbdb0f 2 bytes - nt!MmMarkHiberPhase+82 (+0x0d)
  997. [ 80 fa:00 9a ]
  998. fffff8065bbbe050 - nt!MiDeleteEnclavePages+80 (+0x542)
  999. [ f6:e4 ]
  1000. fffff8065bbbe1f6-fffff8065bbbe1f7 2 bytes - nt!MiReturnReservedEnclavePages+26 (+0x1a6)
  1001. [ 80 fa:00 9a ]
  1002. fffff8065bbbe507-fffff8065bbbe508 2 bytes - nt!PopGracefulShutdown+137 (+0x311)
  1003. [ 48 ff:4c 8b ]
  1004. fffff8065bbbe50e-fffff8065bbbe512 5 bytes - nt!PopGracefulShutdown+13e (+0x07)
  1005. [ 0f 1f 44 00 00:e8 9d 34 ef fb ]
  1006. fffff8065bbc3a8d-fffff8065bbc3a8e 2 bytes - nt!KdInitSystem+92d
  1007. [ 48 ff:4c 8b ]
  1008. fffff8065bbc3a94-fffff8065bbc3a98 5 bytes - nt!KdInitSystem+934 (+0x07)
  1009. [ 0f 1f 44 00 00:e8 87 d5 ed fb ]
  1010. fffff8065bbc4a1d-fffff8065bbc4a1e 2 bytes - nt!KdpCloseRemoteFile+ad (+0xf89)
  1011. [ 48 ff:4c 8b ]
  1012. fffff8065bbc4a24-fffff8065bbc4a28 5 bytes - nt!KdpCloseRemoteFile+b4 (+0x07)
  1013. [ 0f 1f 44 00 00:e8 47 c6 ed fb ]
  1014. fffff8065bbc4a70-fffff8065bbc4a71 2 bytes - nt!KdpCloseRemoteFile+100 (+0x4c)
  1015. [ 48 ff:4c 8b ]
  1016. fffff8065bbc4a77-fffff8065bbc4a7b 5 bytes - nt!KdpCloseRemoteFile+107 (+0x07)
  1017. [ 0f 1f 44 00 00:e8 e4 c5 ed fb ]
  1018. fffff8065bbc4d25-fffff8065bbc4d26 2 bytes - nt!KdpCreateRemoteFile+155 (+0x2ae)
  1019. [ 48 ff:4c 8b ]
  1020. fffff8065bbc4d2c-fffff8065bbc4d30 5 bytes - nt!KdpCreateRemoteFile+15c (+0x07)
  1021. [ 0f 1f 44 00 00:e8 2f c3 ed fb ]
  1022. fffff8065bbc4d67-fffff8065bbc4d68 2 bytes - nt!KdpCreateRemoteFile+197 (+0x3b)
  1023. [ 48 ff:4c 8b ]
  1024. fffff8065bbc4d6e-fffff8065bbc4d72 5 bytes - nt!KdpCreateRemoteFile+19e (+0x07)
  1025. [ 0f 1f 44 00 00:e8 fd c2 ed fb ]
  1026. fffff8065bbc4ee3-fffff8065bbc4ee4 2 bytes - nt!KdpReadRemoteFile+e7 (+0x175)
  1027. [ 48 ff:4c 8b ]
  1028. fffff8065bbc4eea-fffff8065bbc4eee 5 bytes - nt!KdpReadRemoteFile+ee (+0x07)
  1029. [ 0f 1f 44 00 00:e8 71 c1 ed fb ]
  1030. fffff8065bbc4f21-fffff8065bbc4f22 2 bytes - nt!KdpReadRemoteFile+125 (+0x37)
  1031. [ 48 ff:4c 8b ]
  1032. fffff8065bbc4f28-fffff8065bbc4f2c 5 bytes - nt!KdpReadRemoteFile+12c (+0x07)
  1033. [ 0f 1f 44 00 00:e8 43 c1 ed fb ]
  1034. fffff8065bbc53d7-fffff8065bbc53d8 2 bytes - nt!KdSendTraceData+107 (+0x4af)
  1035. [ 48 ff:4c 8b ]
  1036. fffff8065bbc53de-fffff8065bbc53e2 5 bytes - nt!KdSendTraceData+10e (+0x07)
  1037. [ 0f 1f 44 00 00:e8 7d bc ed fb ]
  1038. fffff8065bbc5532-fffff8065bbc5533 2 bytes - nt!KdpFillMemory+102 (+0x154)
  1039. [ 48 ff:4c 8b ]
  1040. fffff8065bbc5539-fffff8065bbc553d 5 bytes - nt!KdpFillMemory+109 (+0x07)
  1041. [ 0f 1f 44 00 00:e8 22 bb ed fb ]
  1042. fffff8065bbc5604-fffff8065bbc5605 2 bytes - nt!KdpGetBusData+a4 (+0xcb)
  1043. [ 48 ff:4c 8b ]
  1044. fffff8065bbc560b-fffff8065bbc560f 5 bytes - nt!KdpGetBusData+ab (+0x07)
  1045. [ 0f 1f 44 00 00:e8 50 ba ed fb ]
  1046. fffff8065bbc5796-fffff8065bbc5797 2 bytes - nt!KdpQueryMemory+7a (+0x18b)
  1047. [ 48 ff:4c 8b ]
  1048. fffff8065bbc579d-fffff8065bbc57a1 5 bytes - nt!KdpQueryMemory+81 (+0x07)
  1049. [ 0f 1f 44 00 00:e8 be b8 ed fb ]
  1050. fffff8065bbc584d-fffff8065bbc584e 2 bytes - nt!KdpReadControlSpace+99 (+0xb0)
  1051. [ 48 ff:4c 8b ]
  1052. fffff8065bbc5854-fffff8065bbc5858 5 bytes - nt!KdpReadControlSpace+a0 (+0x07)
  1053. [ 0f 1f 44 00 00:e8 07 b8 ed fb ]
  1054. fffff8065bbc5997-fffff8065bbc5998 2 bytes - nt!KdpReadPhysicalMemory+127 (+0x143)
  1055. [ 48 ff:4c 8b ]
  1056. fffff8065bbc599e-fffff8065bbc59a2 5 bytes - nt!KdpReadPhysicalMemory+12e (+0x07)
  1057. [ 0f 1f 44 00 00:e8 bd b6 ed fb ]
  1058. fffff8065bbc5b24-fffff8065bbc5b25 2 bytes - nt!KdpReadVirtualMemory+a0 (+0x186)
  1059. [ 48 ff:4c 8b ]
  1060. fffff8065bbc5b2b-fffff8065bbc5b2f 5 bytes - nt!KdpReadVirtualMemory+a7 (+0x07)
  1061. [ 0f 1f 44 00 00:e8 30 b5 ed fb ]
  1062. fffff8065bbc5fe1-fffff8065bbc5fe2 2 bytes - nt!KdpRestoreBreakPointEx+d9 (+0x4b6)
  1063. [ 48 ff:4c 8b ]
  1064. fffff8065bbc5fe8-fffff8065bbc5fec 5 bytes - nt!KdpRestoreBreakPointEx+e0 (+0x07)
  1065. [ 0f 1f 44 00 00:e8 73 b0 ed fb ]
  1066. fffff8065bbc61f5-fffff8065bbc61f6 2 bytes - nt!KdpSearchMemory+1dd (+0x20d)
  1067. [ 48 ff:4c 8b ]
  1068. fffff8065bbc61fc-fffff8065bbc6200 5 bytes - nt!KdpSearchMemory+1e4 (+0x07)
  1069. [ 0f 1f 44 00 00:e8 5f ae ed fb ]
  1070. fffff8065bbc6597-fffff8065bbc6598 2 bytes - nt!KdpSendWaitContinue+a3 (+0x39b)
  1071. [ 48 ff:4c 8b ]
  1072. fffff8065bbc659e-fffff8065bbc65a2 5 bytes - nt!KdpSendWaitContinue+aa (+0x07)
  1073. [ 0f 1f 44 00 00:e8 bd aa ed fb ]
  1074. fffff8065bbc65e1-fffff8065bbc65e2 2 bytes - nt!KdpSendWaitContinue+ed (+0x43)
  1075. [ 48 ff:4c 8b ]
  1076. fffff8065bbc65e8-fffff8065bbc65ec 5 bytes - nt!KdpSendWaitContinue+f4 (+0x07)
  1077. [ 0f 1f 44 00 00:e8 83 aa ed fb ]
  1078. fffff8065bbc6b67-fffff8065bbc6b68 2 bytes - nt!KdpSendWaitContinue+673 (+0x57f)
  1079. [ 48 ff:4c 8b ]
  1080. fffff8065bbc6b6e-fffff8065bbc6b72 5 bytes - nt!KdpSendWaitContinue+67a (+0x07)
  1081. [ 0f 1f 44 00 00:e8 ed a4 ed fb ]
  1082. fffff8065bbc6b86-fffff8065bbc6b87 2 bytes - nt!KdpSendWaitContinue+692 (+0x18)
  1083. [ 48 ff:4c 8b ]
  1084. fffff8065bbc6b8d-fffff8065bbc6b91 5 bytes - nt!KdpSendWaitContinue+699 (+0x07)
  1085. [ 0f 1f 44 00 00:e8 ce a4 ed fb ]
  1086. fffff8065bbc6d61-fffff8065bbc6d62 2 bytes - nt!KdpSetBusData+71 (+0x1d4)
  1087. [ 48 ff:4c 8b ]
  1088. fffff8065bbc6d68-fffff8065bbc6d6c 5 bytes - nt!KdpSetBusData+78 (+0x07)
  1089. [ 0f 1f 44 00 00:e8 f3 a2 ed fb ]
  1090. fffff8065bbc6e29-fffff8065bbc6e2a 2 bytes - nt!KdpSetContext+ad (+0xc1)
  1091. [ 48 ff:4c 8b ]
  1092. fffff8065bbc6e30-fffff8065bbc6e34 5 bytes - nt!KdpSetContext+b4 (+0x07)
  1093. [ 0f 1f 44 00 00:e8 2b a2 ed fb ]
  1094. fffff8065bbc71de-fffff8065bbc71df 2 bytes - nt!KdpWriteBreakPointEx+14e (+0x3ae)
  1095. [ 48 ff:4c 8b ]
  1096. fffff8065bbc71e5-fffff8065bbc71e9 5 bytes - nt!KdpWriteBreakPointEx+155 (+0x07)
  1097. [ 0f 1f 44 00 00:e8 76 9e ed fb ]
  1098. fffff8065bbc7213-fffff8065bbc7214 2 bytes - nt!KdpWriteBreakPointEx+183 (+0x2e)
  1099. [ 48 ff:4c 8b ]
  1100. fffff8065bbc721a-fffff8065bbc721e 5 bytes - nt!KdpWriteBreakPointEx+18a (+0x07)
  1101. [ 0f 1f 44 00 00:e8 41 9e ed fb ]
  1102. fffff8065bbc72c0-fffff8065bbc72c1 2 bytes - nt!KdpWriteControlSpace+6c (+0xa6)
  1103. [ 48 ff:4c 8b ]
  1104. fffff8065bbc72c7-fffff8065bbc72cb 5 bytes - nt!KdpWriteControlSpace+73 (+0x07)
  1105. [ 0f 1f 44 00 00:e8 94 9d ed fb ]
  1106. WARNING: !chkimg output was truncated to 50 lines. Invoke !chkimg without '-lo [num_lines]' to view entire output.
  1107. 8609 errors : !nt (fffff8065b335620-fffff8065bbc89ab)
  1108. MODULE_NAME: memory_corruption
  1109.  
  1110. IMAGE_NAME: memory_corruption
  1111.  
  1112. FOLLOWUP_NAME: memory_corruption
  1113. DEBUG_FLR_IMAGE_TIMESTAMP: 0
  1114. MEMORY_CORRUPTOR: LARGE
  1115. FAILURE_BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1116. BUCKET_ID: MEMORY_CORRUPTION_LARGE
  1117. PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_LARGE
  1118. TARGET_TIME: 2020-07-16T17:43:03.000Z
  1119. SUITE_MASK: 272
  1120. PRODUCT_TYPE: 1
  1121. USER_LCID: 0
  1122. FAILURE_ID_HASH_STRING: km:memory_corruption_large
  1123. FAILURE_ID_HASH: {e29154ac-69a4-0eb8-172a-a860f73c0a3c}
  1124. Followup: memory_corruption
  1125.  
  1126. ====================== Dump #2: 3RD PARTY DRIVERS ======================
  1127.  
  1128. Jun 03 1984 - user32.dll -
  1129. Apr 21 2002 - KERNELBASE.dll -
  1130. Oct 27 2008 - UMPDC.dll -
  1131. May 05 2015 - rt640x64.sys - Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  1132. May 29 2015 - RtsPer.sys - Realtek RTS PCIE Reader driver https://www.realtek.com/en/
  1133. Jun 29 2015 - btfilter.sys - Qualcomm Atheros BT Filter driver https://www.qualcomm.com/
  1134. Jul 07 2015 - AtihdWT6.sys - AMD High Definition Audio Function driver http://support.amd.com/
  1135. Jul 21 2015 - RTKVHD64.sys - Realtek Audio System driver https://www.realtek.com/en/
  1136. Jul 29 2015 - SynRMIHID.sys - Synaptics I2C Driver (Synaptics Incorporated) https://www.symantec.com/
  1137. Jan 28 2016 - athw8x.sys - Atheros Wireless LAN driver (Qualcomm)
  1138. Aug 16 2019 - atikmdag.sys - ATI Radeon Kernel Mode driver
  1139. Aug 16 2019 - atikmpag.sys - ATI video card driver
  1140. Nov 20 2019 - mbamswissarmy.sys - MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
  1141. Apr 11 2023 - Vid.sys - Hyper-V VM driver
  1142. Mar 30 2031 - KERNEL32.DLL -
  1143. ***** Invalid (B45EF06B) - amdppm.sys - AMD Processor Device driver http://support.amd.com/
  1144. ***** Invalid (A638501D) - IntelTA.sys - Intel Telemetry driver
  1145. ***** Invalid (A83E7C96) - msquic.sys - Microsoft Cross-platform implementation of the IETF QUIC protocol driver https://github.com/microsoft/msquic
  1146. ***** Invalid (DCEEC70E) - ndiscap.sys - NDIS Packet Capture Filter driver
  1147. ***** Invalid (B29BDEB9) - clbcatq.dll -
  1148. ***** Invalid (CAD89AB4) - ntdll.dll -
  1149. ***** Invalid (A604C318) - taskschd.dll -
  1150.  
  1151. ================== Dump #2: 3RD PARTY DRIVERS (FULL) ===================
  1152.  
  1153. Image path: C:\Windows\System32\user32.dll
  1154. Image name: user32.dll
  1155. Search : https://www.google.com/search?q=user32.dll
  1156. Timestamp : Sun Jun 3 1984
  1157.  
  1158. Mapped memory image file: C:\ProgramData\dbg\sym\KERNELBASE.dll\3CC247072c7000\KERNELBASE.dll
  1159. Image path: C:\Windows\System32\KERNELBASE.dll
  1160. Image name: KERNELBASE.dll
  1161. Search : https://www.google.com/search?q=KERNELBASE.dll
  1162. Timestamp : Sun Apr 21 2002
  1163.  
  1164. Image path: c:\windows\system32\UMPDC.dll
  1165. Image name: UMPDC.dll
  1166. Search : https://www.google.com/search?q=UMPDC.dll
  1167. Timestamp : Mon Oct 27 2008
  1168.  
  1169. Image path: \SystemRoot\System32\drivers\rt640x64.sys
  1170. Image name: rt640x64.sys
  1171. Search : https://www.google.com/search?q=rt640x64.sys
  1172. ADA Info : Realtek NICDRV 8169 PCIe GBE Family Controller driver https://www.realtek.com/en/
  1173. Timestamp : Tue May 5 2015
  1174.  
  1175. Image path: \SystemRoot\system32\DRIVERS\RtsPer.sys
  1176. Image name: RtsPer.sys
  1177. Search : https://www.google.com/search?q=RtsPer.sys
  1178. ADA Info : Realtek RTS PCIE Reader driver https://www.realtek.com/en/
  1179. Timestamp : Fri May 29 2015
  1180.  
  1181. Image path: \SystemRoot\system32\DRIVERS\btfilter.sys
  1182. Image name: btfilter.sys
  1183. Search : https://www.google.com/search?q=btfilter.sys
  1184. ADA Info : Qualcomm Atheros BT Filter driver https://www.qualcomm.com/
  1185. Timestamp : Mon Jun 29 2015
  1186.  
  1187. Image path: \SystemRoot\system32\drivers\AtihdWT6.sys
  1188. Image name: AtihdWT6.sys
  1189. Search : https://www.google.com/search?q=AtihdWT6.sys
  1190. ADA Info : AMD High Definition Audio Function driver http://support.amd.com/
  1191. Timestamp : Tue Jul 7 2015
  1192.  
  1193. Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
  1194. Image name: RTKVHD64.sys
  1195. Search : https://www.google.com/search?q=RTKVHD64.sys
  1196. ADA Info : Realtek Audio System driver https://www.realtek.com/en/
  1197. Timestamp : Tue Jul 21 2015
  1198.  
  1199. Image path: \SystemRoot\system32\DRIVERS\SynRMIHID.sys
  1200. Image name: SynRMIHID.sys
  1201. Search : https://www.google.com/search?q=SynRMIHID.sys
  1202. ADA Info : Synaptics I2C Driver (Synaptics Incorporated) https://www.symantec.com/
  1203. Timestamp : Wed Jul 29 2015
  1204.  
  1205. Image path: \SystemRoot\System32\drivers\athw8x.sys
  1206. Image name: athw8x.sys
  1207. Search : https://www.google.com/search?q=athw8x.sys
  1208. ADA Info : Atheros Wireless LAN driver (Qualcomm)
  1209. Timestamp : Thu Jan 28 2016
  1210.  
  1211. Image path: \SystemRoot\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atikmdag.sys
  1212. Image name: atikmdag.sys
  1213. Search : https://www.google.com/search?q=atikmdag.sys
  1214. ADA Info : ATI Radeon Kernel Mode driver
  1215. Timestamp : Fri Aug 16 2019
  1216.  
  1217. Image path: \SystemRoot\System32\DriverStore\FileRepository\u0346830.inf_amd64_35731e557194973d\B345901\atikmpag.sys
  1218. Image name: atikmpag.sys
  1219. Search : https://www.google.com/search?q=atikmpag.sys
  1220. ADA Info : ATI video card driver
  1221. Timestamp : Fri Aug 16 2019
  1222. File version: 26.20.12028.2
  1223. Product version: 8.14.1.6564
  1224. File flags: 8 (Mask 3F) Private
  1225. File OS: 40004 NT Win32
  1226. File type: 3.4 Driver
  1227. File date: 00000000.00000000
  1228. CompanyName: Advanced Micro Devices, Inc. rig??¦
  1229. ProductName: AMD drivericro Devices, Inc. rig??¦
  1230. InternalName: atikmpag.sysro Devices, Inc. rig??¦
  1231. OriginalFilename: atikmpag.sysro Devices, Inc. rig??¦
  1232. ProductVersion: 8.14.1.6564sro Devices, Inc. rig??¦
  1233. FileVersion: 26.20.12028.2o Devices, Inc. rig??¦
  1234. FileDescription: AMD multi-vendor Miniport Driver??¦
  1235. LegalCopyright: Copyright (C) 2007 Advanced Micro Devices, Inc.
  1236.  
  1237. Image path: \SystemRoot\System32\Drivers\mbamswissarmy.sys
  1238. Image name: mbamswissarmy.sys
  1239. Search : https://www.google.com/search?q=mbamswissarmy.sys
  1240. ADA Info : MalwareBytes Anti-Malware system driver https://www.malwarebytes.com/
  1241. Timestamp : Wed Nov 20 2019
  1242.  
  1243. Image path: \SystemRoot\System32\drivers\Vid.sys
  1244. Image name: Vid.sys
  1245. Search : https://www.google.com/search?q=Vid.sys
  1246. ADA Info : Hyper-V VM driver
  1247. Timestamp : Tue Apr 11 2023
  1248.  
  1249. Mapped memory image file: C:\ProgramData\dbg\sym\KERNEL32.DLL\73317569bd000\KERNEL32.DLL
  1250. Image path: C:\Windows\System32\KERNEL32.DLL
  1251. Image name: KERNEL32.DLL
  1252. Search : https://www.google.com/search?q=KERNEL32.DLL
  1253. Timestamp : Sun Mar 30 2031
  1254.  
  1255. Image path: \SystemRoot\System32\drivers\amdppm.sys
  1256. Image name: amdppm.sys
  1257. Search : https://www.google.com/search?q=amdppm.sys
  1258. ADA Info : AMD Processor Device driver http://support.amd.com/
  1259. Timestamp : ***** Invalid (B45EF06B)
  1260.  
  1261. Image path: \SystemRoot\System32\drivers\IntelTA.sys
  1262. Image name: IntelTA.sys
  1263. Search : https://www.google.com/search?q=IntelTA.sys
  1264. ADA Info : Intel Telemetry driver
  1265. Timestamp : ***** Invalid (A638501D)
  1266.  
  1267. Image path: \SystemRoot\system32\drivers\msquic.sys
  1268. Image name: msquic.sys
  1269. Search : https://www.google.com/search?q=msquic.sys
  1270. ADA Info : Microsoft Cross-platform implementation of the IETF QUIC protocol driver https://github.com/microsoft/msquic
  1271. Timestamp : ***** Invalid (A83E7C96)
  1272.  
  1273. Image path: \SystemRoot\System32\drivers\ndiscap.sys
  1274. Image name: ndiscap.sys
  1275. Search : https://www.google.com/search?q=ndiscap.sys
  1276. ADA Info : NDIS Packet Capture Filter driver
  1277. Timestamp : ***** Invalid (DCEEC70E)
  1278.  
  1279. Image path: C:\Windows\System32\clbcatq.dll
  1280. Image name: clbcatq.dll
  1281. Search : https://www.google.com/search?q=clbcatq.dll
  1282. Timestamp : ***** Invalid (B29BDEB9)
  1283.  
  1284. Image path: C:\Windows\SYSTEM32\ntdll.dll
  1285. Image name: ntdll.dll
  1286. Search : https://www.google.com/search?q=ntdll.dll
  1287. Timestamp : ***** Invalid (CAD89AB4)
  1288.  
  1289. Image path: C:\Windows\System32\taskschd.dll
  1290. Image name: taskschd.dll
  1291. Search : https://www.google.com/search?q=taskschd.dll
  1292. Timestamp : ***** Invalid (A604C318)
  1293.  
  1294. ====================== Dump #2: MICROSOFT DRIVERS ======================
  1295.  
  1296. ACPI.sys ACPI Driver for NT (Microsoft)
  1297. acpiex.sys ACPIEx Driver (Microsoft)
  1298. advapi32.dll Advanced Windows 32 Base API
  1299. afd.sys Ancillary Function Driver for WinSock (Microsoft)
  1300. afunix.sys AF_UNIX Socket Provider driver (Microsoft)
  1301. AgileVpn.sys RAS Agil VPN Miniport Call Manager driver (Microsoft)
  1302. ahcache.sys Application Compatibility Cache (Microsoft)
  1303. bam.sys BAM Kernal driver (Microsoft)
  1304. BasicDisplay.sys Basic Display driver (Microsoft)
  1305. BasicRender.sys Basic Render driver (Microsoft)
  1306. BATTC.SYS Battery Class driver (Microsoft)
  1307. bcryptPrimitives.dll Windows Cryptographic Primitives Library
  1308. Beep.SYS BEEP driver (Microsoft)
  1309. bindflt.sys Windows Bind Filter driver (Microsoft)
  1310. BOOTVID.dll VGA Boot Driver (Microsoft)
  1311. bowser.sys NT Lan Manager Datagram Receiver Driver (Microsoft)
  1312. BTHport.sys Bluetooth Bus driver (Microsoft)
  1313. BTHUSB.sys Bluetooth Miniport driver (Microsoft)
  1314. CAD.sys Charge Arbiration driver (Microsoft)
  1315. cdd.dll Canonical Display Driver (Microsoft)
  1316. cdrom.sys SCSI CD-ROM Driver (Microsoft)
  1317. CEA.sys Event Aggregation Kernal Mode Library (Microsoft)
  1318. cfgmgr32.dll Configuration Manager DLL
  1319. CI.dll Code Integrity Module (Microsoft)
  1320. CimFS.SYS Consumer IR Class Driver for eHome (Microsoft)
  1321. CLASSPNP.SYS SCSI Class System Dll (Microsoft)
  1322. cldflt.sys Cloud Files Mini Filter driver (Microsoft)
  1323. CLFS.SYS Common Log File System Driver (Microsoft)
  1324. clipsp.sys CLIP Service (Microsoft)
  1325. CmBatt.sys Control Method Battery driver (Microsoft)
  1326. cmimcext.sys Kernal Configuration Manager Initial Con. Driver (Microsoft)
  1327. cng.sys Kernal Cryptography, Next Generation Driver (Microsoft)
  1328. combase.dll Microsoft COM for Windows
  1329. CompositeBus.sys Multi-Transport Composite Bus Enumerator (Microsoft)
  1330. crashdmp.sys Crash Dump driver (Microsoft)
  1331. csc.sys Windows Client Side Caching driver (Microsoft)
  1332. DEVOBJ.dll Device Information Set DLL
  1333. dfsc.sys DFS Namespace Client Driver (Microsoft)
  1334. disk.sys PnP Disk Driver (Microsoft)
  1335. drmk.sys Digital Rights Management (DRM) driver (Microsoft)
  1336. dump_diskdump.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1337. dump_dumpfve.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1338. dump_storahci.sys (Generic Description) dump_*.sys drivers usually provide disk access during a crash to write dump files.
  1339. dxgkrnl.sys DirectX Graphics Kernal (Microsoft)
  1340. dxgmms2.sys DirectX Graphics MMS
  1341. EhStorClass.sys Enhanced Storage Class driver for IEEE... (Microsoft)
  1342. filecrypt.sys Windows sandboxing and encryption filter (Microsoft)
  1343. fileinfo.sys FileInfo Filter Driver (Microsoft)
  1344. FLTMGR.SYS Filesystem Filter Manager (Microsoft)
  1345. Fs_Rec.sys File System Recognizer Driver (Microsoft)
  1346. fvevol.sys BitLocker Driver Encryption Driver (Microsoft)
  1347. fwpkclnt.sys FWP/IPsec Kernal-Mode API (Microsoft)
  1348. GDI32.dll GDI Client DLL
  1349. gdi32full.dll GDI Client DLL
  1350. gpuenergydrv.sys GPU Energy Kernal Driver (Microsoft)
  1351. hal.dll Hardware Abstraction Layer DLL (Microsoft)
  1352. HDAudBus.sys High Definition Audio Bus Driver (Microsoft)
  1353. HIDCLASS.SYS Hid Class Library (Microsoft)
  1354. HIDPARSE.SYS Hid Parsing Library (Microsoft)
  1355. hidusb.sys USB Miniport Driver for Input Devices (Microsoft)
  1356. HTTP.sys HTTP Protocol Stack (Microsoft)
  1357. i8042prt.sys i8042 Keyboard / PS/2 Mouse driver (Microsoft)
  1358. intelpep.sys Intel Power Engine Plugin (Microsoft)
  1359. iorate.sys I/O rate control Filter (Microsoft)
  1360. kbdclass.sys Keyboard Class Driver (Microsoft)
  1361. kd.dll Local Kernal Debugger (Microsoft)
  1362. kdnic.sys Microsoft Kernel Debugger Network Miniport (Microsoft)
  1363. kernel.appcore.dll AppModel API Host
  1364. ks.sys Kernal CSA Library (Microsoft)
  1365. ksecdd.sys Kernel Security Support Provider Interface (Microsoft)
  1366. ksecpkg.sys Kernel Security Support Provider Interface Packages (Microsoft)
  1367. ksthunk.sys Kernal Streaming WOW Thunk Service (Microsoft)
  1368. lltdio.sys Link-Layer Topology Mapper I/O Driver (Microsoft)
  1369. luafv.sys LUA File Virtualization Filter Driver (Microsoft)
  1370. mcupdate_AuthenticAMD.dll AMD Microcode Update Library (Microsoft)
  1371. mmcss.sys MMCSS Driver (Microsoft)
  1372. monitor.sys Monitor Driver (Microsoft)
  1373. mouclass.sys Mouse Class Driver (Microsoft)
  1374. mouhid.sys HID Mouse Filter Driver (Microsoft)
  1375. mountmgr.sys Mount Point Manager (Microsoft)
  1376. MpKslDrv.sys Microsoft Anti-malware Protection driver
  1377. mpsdrv.sys Microsoft Protection Service Driver (Microsoft)
  1378. mrxsmb.sys SMB MiniRedirector Wrapper and Engine (Microsoft)
  1379. mrxsmb20.sys Longhorn SMB 2.0 Redirector (Microsoft)
  1380. Msfs.SYS Mailslot driver (Microsoft)
  1381. msisadrv.sys ISA Driver (Microsoft)
  1382. mslldp.sys Microsoft Link-Layer Discovery Protocol... (Microsoft)
  1383. msrpc.sys Kernel Remote Procedure Call Provider (Microsoft)
  1384. mssecflt.sys Microsoft Security Events Component file system filter driver (Microsoft)
  1385. mssmbios.sys System Management BIOS driver (Microsoft)
  1386. msvcp_win.dll Microsoft® C Runtime Library
  1387. msvcrt.dll Windows NT CRT DLL
  1388. MTConfig.sys Microsoft Multi-Touch HID Driver (Microsoft)
  1389. mup.sys Multiple UNC Provider driver (Microsoft)
  1390. ndis.sys Network Driver Interface Specification (NDIS) driver (Microsoft)
  1391. ndistapi.sys NDIS 3.0 Connection Wrapper driver (Microsoft)
  1392. ndisuio.sys NDIS User mode I/O driver (Microsoft)
  1393. NdisVirtualBus.sys Virtual Network Adapter Enumerator (Microsoft)
  1394. ndiswan.sys MS PPP Framing Driver (Strong Encryption) Microsoft)
  1395. NDProxy.sys NDIS Proxy driver (Microsoft)
  1396. Ndu.sys Network Data Usage Monitoring driver (Microsoft)
  1397. netbios.sys NetBIOS Interface driver (Microsoft)
  1398. netbt.sys MBT Transport driver (Microsoft)
  1399. NETIO.SYS Network I/O Subsystem (Microsoft)
  1400. Npfs.SYS NPFS driver (Microsoft)
  1401. npsvctrig.sys Named pipe service triggers (Microsoft)
  1402. nsiproxy.sys NSI Proxy driver (Microsoft)
  1403. Ntfs.sys NT File System Driver (Microsoft)
  1404. ntkrnlmp.exe Windows NT operating system kernel (Microsoft)
  1405. ntmarta.dll Windows NT MARTA provider
  1406. ntosext.sys NTOS Extension Host driver (Microsoft)
  1407. Null.SYS NULL Driver (Microsoft)
  1408. nwifi.sys NativeWiFi Miniport Driver (Microsoft)
  1409. OLEAUT32.dll OLEAUT32.DLL
  1410. pacer.sys QoS Packet Scheduler (Microsoft)
  1411. partmgr.sys Partition driver (Microsoft)
  1412. pci.sys NT Plug and Play PCI Enumerator (Microsoft)
  1413. pcw.sys Performance Counter Driver (Microsoft)
  1414. pdc.sys Power Dependency Coordinator Driver (Microsoft)
  1415. peauth.sys Protected Environment Authentication and Authorization Export Driver (Microsoft)
  1416. portcls.sys Class Driver for Port/Miniport Devices system driver (Microsoft)
  1417. POWRPROF.dll Power Profile Helper DLL
  1418. PSHED.dll Platform Specific Hardware Error driver (Microsoft)
  1419. rasl2tp.sys RAS L2TP Mini-port/Call-manager driver (Microsoft)
  1420. raspppoe.sys RAS PPPoE Mini-port/Call manager driver (Microsoft)
  1421. raspptp.sys Peer-to-Peer Tunneling Protocol (Microsoft)
  1422. rassstp.sys RAS SSTP Miniport Call Manager driver (Microsoft)
  1423. rdbss.sys Redirected Drive Buffering SubSystem driver (Microsoft)
  1424. rdpbus.sys Microsoft RDP Bus Device driver (Microsoft)
  1425. rdyboost.sys ReadyBoost Driver (Microsoft)
  1426. rmclient.dll Resource Manager Client
  1427. RPCRT4.dll Remote Procedure Call Runtime
  1428. rspndr.sys Link-Layer Topology Responder driver (Microsoft)
  1429. sechost.dll Host for SCM/SDDL/LSA Lookup APIs
  1430. SgrmAgent.sys System Guard Runtime Monitor Agent driver (Microsoft)
  1431. shcore.dll SHCORE
  1432. SleepStudyHelper.sys Sleep Study Helper driver (Microsoft)
  1433. spaceport.sys Storage Spaces driver (Microsoft)
  1434. srv2.sys Smb 2.0 Server driver (Microsoft)
  1435. srvnet.sys Server Network driver (Microsoft)
  1436. sspicli.dll Security Support Provider Interface
  1437. storahci.sys MS AHCI Storport Miniport Driver (Microsoft)
  1438. storport.sys Storage port driver for use with high-performance buses such as fibre channel buses and RAID adapters. (Microsoft)
  1439. storqosflt.sys Storage QoS Filter driver (Microsoft)
  1440. svchost.exe Host Process for Windows Services
  1441. swenum.sys Plug and Play Software Device Enumerator (Microsoft)
  1442. sysmain.dll SysMain Service Host
  1443. tbs.sys Export driver for kernel mode TPM API (Microsoft)
  1444. tcpip.sys TCP/IP Protocol driver (Microsoft)
  1445. tcpipreg.sys Microsoft Windows TCP/IP Registry Compatibility driver (Microsoft)
  1446. TDI.SYS TDI Wrapper driver (Microsoft)
  1447. tdx.sys NetIO Legacy TDI x-bit Support Driver (Microsoft)
  1448. tm.sys Kernel Transaction Manager driver (Microsoft)
  1449. ucrtbase.dll Microsoft® C Runtime Library
  1450. ucx01000.sys USB Controller Extension (Microsoft)
  1451. umbus.sys User-Mode Bus Enumerator (Microsoft)
  1452. usbccgp.sys USB Common Class Generic Parent Driver (Microsoft)
  1453. USBD.SYS Universal Serial Bus Driver (Microsoft)
  1454. usbehci.sys EHCI eUSB Miniport Driver (Microsoft)
  1455. usbhub.sys Default Hub Driver for USB (Microsoft)
  1456. UsbHub3.sys USB3 HUB driver (Microsoft)
  1457. usbohci.sys OHCI USB Miniport Driver (Microsoft)
  1458. USBPORT.SYS USB 1.1 & 2.0 Port Driver (Microsoft)
  1459. usbvideo.sys USB Video Class Driver (Microsoft)
  1460. USBXHCI.SYS USB XHCI driver (Microsoft)
  1461. vdrvroot.sys Virtual Drive Root Enumerator (Microsoft)
  1462. volmgr.sys Volume Manager Driver (Microsoft)
  1463. volmgrx.sys Volume Manager Extension Driver (Microsoft)
  1464. volsnap.sys Volume Shadow Copy driver (Microsoft)
  1465. volume.sys Volume driver (Microsoft)
  1466. vwifibus.sys Virtual Wireless Bus driver (Microsoft)
  1467. vwififlt.sys Virtual WiFi Filter Driver (Microsoft)
  1468. vwifimp.sys Virtual WiFi Miniport Driver (Microsoft)
  1469. wanarp.sys MS Remote Access and Routing ARP driver (Microsoft)
  1470. watchdog.sys Watchdog driver (Microsoft)
  1471. wcifs.sys Windows Container Isolation FS Filter driver (Microsoft)
  1472. Wdf01000.sys Kernel Mode Driver Framework Runtime (Microsoft)
  1473. WdFilter.sys Microsoft Anti-malware file system filter driver (Microsoft)
  1474. WDFLDR.SYS Kernel Mode Driver Framework Loader (Microsoft)
  1475. WdNisDrv.sys Microsoft Network Realtime Inspection driver (Microsoft)
  1476. werkernel.sys Windows Error Reporting Kernel driver (Microsoft)
  1477. wfplwfs.sys WPF NDIS Lightweight Filter driver (Microsoft)
  1478. win32k.sys Full/Desktop Multi-User Win32 driver (Microsoft)
  1479. win32kbase.sys Base Win32k Kernel Driver (Microsoft)
  1480. win32kfull.sys Full/Desktop Win32k Kernel Driver (Microsoft)
  1481. win32u.dll Win32u
  1482. WindowsTrustedRT.sys Windows Trusted Runtime Interface driver (Microsoft)
  1483. WindowsTrustedRTProxy.sys Windows Trusted Runtime Service Proxy driver (Microsoft)
  1484. winhvr.sys Windows Hypervisor Root Interface driver (Microsoft)
  1485. WINSTA.dll Winstation Library
  1486. WLDP.DLL Windows Lockdown Policy
  1487. wmiacpi.sys Windows Management Interface for ACPI (Microsoft)
  1488. WMILIB.SYS WMILIB WMI support library DLL (Microsoft)
  1489. Wof.sys Windows Overlay Filter (Microsoft)
  1490. WppRecorder.sys WPP Trace Recorder (Microsoft)
  1491. wtsapi32.dll Windows Remote Desktop Session Host Server SDK APIs
  1492. XmlLite.dll Microsoft XmlLite Library
  1493.  
  1494. ====================== Dump #2: UNLOADED MODULES =======================
  1495.  
  1496. fffff806`5f940000 fffff806`5f951000 MSKSSRV.sys
  1497. fffff806`5fcd0000 fffff806`5fcdf000 dump_storport.sys
  1498. fffff806`5fd20000 fffff806`5fd53000 dump_storahci.sys
  1499. fffff806`5fd80000 fffff806`5fd9e000 dump_dumpfve.sys
  1500. fffff806`606c0000 fffff806`606cc000 WdmCompanionFilter.sys
  1501. fffff806`5f760000 fffff806`5f77c000 dam.sys
  1502. fffff806`5d800000 fffff806`5d811000 WdBoot.sys
  1503. fffff806`5d7f0000 fffff806`5d7f9000 MbamElam.sys
  1504. fffff806`5e930000 fffff806`5e940000 hwpolicy.sys
  1505.  
  1506. ====================== Dump #2: BIOS INFORMATION =======================
  1507.  
  1508. [SMBIOS Data Tables v2.8]
  1509. [DMI Version - 0]
  1510. [2.0 Calling Convention - No]
  1511. [Table Size - 1471 bytes]
  1512. [BIOS Information (Type 0) - Length 24 - Handle 0000h]
  1513. Vendor Insyde Corp.
  1514. BIOS Version V1.15
  1515. BIOS Starting Address Segment e000
  1516. BIOS Release Date 07/06/2015
  1517. BIOS ROM Size 800000
  1518. BIOS Characteristics
  1519. 07: - PCI Supported
  1520. 11: - Upgradeable FLASH BIOS
  1521. 12: - BIOS Shadowing Supported
  1522. 15: - CD-Boot Supported
  1523. 16: - Selectable Boot Supported
  1524. 19: - EDD Supported
  1525. 20: - NEC 9800 J-Floppy Supported
  1526. 21: - Toshiba J-Floppy Supported
  1527. 22: - 360KB Floppy Supported
  1528. 23: - 1.2MB Floppy Supported
  1529. 24: - 720KB Floppy Supported
  1530. 25: - 2.88MB Floppy Supported
  1531. 27: - Keyboard Services Supported
  1532. 30: - CGA/Mono Services Supported
  1533. BIOS Characteristic Extensions
  1534. 00: - ACPI Supported
  1535. 01: - USB Legacy Supported
  1536. 08: - BIOS Boot Specification Supported
  1537. 10: - Specification Reserved
  1538. 11: - Specification Reserved
  1539. BIOS Major Revision 1
  1540. BIOS Minor Revision 15
  1541. EC Firmware Major Revision 1
  1542. EC Firmware Minor Revision 15
  1543. [System Information (Type 1) - Length 27 - Handle 0001h]
  1544. Manufacturer Acer
  1545. Product Name Aspire E5-551G
  1546. Version V1.15
  1547. UUID 00000000-0000-0000-0000-000000000000
  1548. Wakeup Type Power Switch
  1549. SKUNumber Aspire E5-551G_086A_V1.15
  1550. Family KV
  1551. [BaseBoard Information (Type 2) - Length 16 - Handle 0002h]
  1552. Manufacturer Acer
  1553. Product EA50_KV
  1554. Version V1.15
  1555. Feature Flags 09h
  1556. -2052737312: - -2052737264: - «Eºþ
  1557. Location Base Board Chassis Location
  1558. Chassis Handle 0003h
  1559. Board Type 0ah - Processor/Memory Module
  1560. Number of Child Handles 0
  1561. [System Enclosure (Type 3) - Length 23 - Handle 0003h]
  1562. Manufacturer Acer
  1563. Chassis Type Notebook
  1564. Version Chassis Version
  1565. Bootup State Safe
  1566. Power Supply State Safe
  1567. Thermal State Safe
  1568. Security Status None
  1569. OEM Defined 0
  1570. Height 0U
  1571. Number of Power Cords 1
  1572. Number of Contained Elements 0
  1573. Contained Element Size 0
  1574. [Processor Information (Type 4) - Length 42 - Handle 0004h]
  1575. Socket Designation Socket FP3
  1576. Processor Type Central Processor
  1577. Processor Family 48h - Specification Reserved
  1578. Processor Manufacturer AMD processor
  1579. Processor ID 010f6300fffb8b17
  1580. Processor Version AMD A10-7300 Radeon R6, 10 Compute Cores 4C+6G
  1581. Processor Voltage 8ah - 1.0V
  1582. External Clock 100MHz
  1583. Max Speed 1900MHz
  1584. Current Speed 1900MHz
  1585. Status Enabled Populated
  1586. Processor Upgrade None
  1587. L1 Cache Handle 0005h
  1588. L2 Cache Handle 0006h
  1589. L3 Cache Handle [Not Present]
  1590. Part Number FFFF
  1591. [Cache Information (Type 7) - Length 19 - Handle 0005h]
  1592. Socket Designation L1 Cache
  1593. Cache Configuration 0180h - WB Enabled Int NonSocketed L1
  1594. Maximum Cache Size 0100h - 256K
  1595. Installed Size 0100h - 256K
  1596. Supported SRAM Type 0010h - Pipeline-Burst
  1597. Current SRAM Type 0010h - Pipeline-Burst
  1598. Cache Speed 1ns
  1599. Error Correction Type Specification Reserved
  1600. System Cache Type Unified
  1601. Associativity 2-way Set-Associative
  1602. [Cache Information (Type 7) - Length 19 - Handle 0006h]
  1603. Socket Designation L2 Cache
  1604. Cache Configuration 0181h - WB Enabled Int NonSocketed L2
  1605. Maximum Cache Size 8040h - 4096K
  1606. Installed Size 8040h - 4096K
  1607. Supported SRAM Type 0010h - Pipeline-Burst
  1608. Current SRAM Type 0010h - Pipeline-Burst
  1609. Cache Speed 1ns
  1610. Error Correction Type Specification Reserved
  1611. System Cache Type Unified
  1612. Associativity 16-way Set-Associative
  1613. [Onboard Devices Information (Type 10) - Length 6 - Handle 0007h]
  1614. Number of Devices 1
  1615. 01: Type Video [enabled]
  1616. 01: Description Video Graphics Controller
  1617. [Onboard Devices Information (Type 10) - Length 6 - Handle 0008h]
  1618. Number of Devices 1
  1619. 01: Type Ethernet [enabled]
  1620. 01: Description Realtek Lan Controller
  1621. [OEM Strings (Type 11) - Length 5 - Handle 0009h]
  1622. Number of Strings 5
  1623. 1 Acer System
  1624. 2 String2 for Original Equipment Manufacturer
  1625. 3 String3 for Original Equipment Manufacturer
  1626. 4 String4 for Original Equipment Manufacturer
  1627. 5 String5 for Original Equipment Manufacturer
  1628. [System Configuration Options (Type 12) - Length 5 - Handle 000ah]
  1629. [Physical Memory Array (Type 16) - Length 23 - Handle 000bh]
  1630. Location 03h - SystemBoard/Motherboard
  1631. Use 03h - System Memory
  1632. Memory Error Correction 03h - None
  1633. Maximum Capacity 33554432KB
  1634. Number of Memory Devices 2
  1635. [Memory Device (Type 17) - Length 40 - Handle 000ch]
  1636. Physical Memory Array Handle 000bh
  1637. Total Width 0 bits
  1638. Data Width 0 bits
  1639. Form Factor 00h - Specification Reserved
  1640. Device Locator DIMM 0
  1641. Bank Locator CHANNEL A
  1642. Memory Type 02h - Unknown
  1643. Type Detail 0004h - Unknown
  1644. Speed 0MHz
  1645. Manufacturer Empty
  1646. Part Number Empty
  1647. [Memory Device (Type 17) - Length 40 - Handle 000dh]
  1648. Physical Memory Array Handle 000bh
  1649. Total Width 64 bits
  1650. Data Width 64 bits
  1651. Size 8192MB
  1652. Form Factor 0dh - SODIMM
  1653. Device Locator DIMM 0
  1654. Bank Locator CHANNEL B
  1655. Memory Type 18h - Specification Reserved
  1656. Type Detail 4080h - Synchronous
  1657. Speed 1600MHz
  1658. Manufacturer Kingston
  1659. Part Number ACR16D3LS1KNG/8G
  1660. [Memory Array Mapped Address (Type 19) - Length 31 - Handle 000eh]
  1661. Starting Address 00000000h
  1662. Ending Address 007fffffh
  1663. Memory Array Handle 000bh
  1664. Partition Width 255
  1665. [Memory Device Mapped Address (Type 20) - Length 35 - Handle 000fh]
  1666. Starting Address 00000000h
  1667. Ending Address 007fffffh
  1668. Memory Device Handle 000dh
  1669. Mem Array Mapped Adr Handle 000eh
  1670.  
  1671. ========================== Dump #2: Extra #1 ===========================
  1672.  
  1673. 2: kd> !verifier
  1674. Verify Flags Level 0x00000000
  1675. STANDARD FLAGS:
  1676. [ ] (0x00000000) Automatic Checks
  1677. [ ] (0x00000001) Special pool
  1678. [ ] (0x00000002) Force IRQL checking
  1679. [ ] (0x00000008) Pool tracking
  1680. [ ] (0x00000010) I/O verification
  1681. [ ] (0x00000020) Deadlock detection
  1682. [ ] (0x00000080) DMA checking
  1683. [ ] (0x00000100) Security checks
  1684. [ ] (0x00000800) Miscellaneous checks
  1685. [ ] (0x00020000) DDI compliance checking
  1686. ADDITIONAL FLAGS:
  1687. [ ] (0x00000004) Randomized low resources simulation
  1688. [ ] (0x00000200) Force pending I/O requests
  1689. [ ] (0x00000400) IRP logging
  1690. [ ] (0x00002000) Invariant MDL checking for stack
  1691. [ ] (0x00004000) Invariant MDL checking for driver
  1692. [ ] (0x00008000) Power framework delay fuzzing
  1693. [ ] (0x00010000) Port/miniport interface checking
  1694. [ ] (0x00040000) Systematic low resources simulation
  1695. [ ] (0x00080000) DDI compliance checking (additional)
  1696. [ ] (0x00200000) NDIS/WIFI verification
  1697. [ ] (0x00800000) Kernel synchronization delay fuzzing
  1698. [ ] (0x01000000) VM switch verification
  1699. [ ] (0x02000000) Code integrity checks
  1700. [X] Indicates flag is enabled
  1701. Summary of All Verifier Statistics
  1702. RaiseIrqls 0x0
  1703. AcquireSpinLocks 0x0
  1704. Synch Executions 0x0
  1705. Trims 0x0
  1706. Pool Allocations Attempted 0x0
  1707. Pool Allocations Succeeded 0x0
  1708. Pool Allocations Succeeded SpecialPool 0x0
  1709. Pool Allocations With NO TAG 0x0
  1710. Pool Allocations Failed 0x0
  1711. Current paged pool allocations 0x0 for 00000000 bytes
  1712. Peak paged pool allocations 0x0 for 00000000 bytes
  1713. Current nonpaged pool allocations 0x0 for 00000000 bytes
  1714. Peak nonpaged pool allocations 0x0 for 00000000 bytes
  1715.  
  1716. ========================== Dump #2: Extra #2 ===========================
  1717.  
  1718. 2: kd> !thread
  1719. THREAD ffffbf034bf6e080 Cid 08cc.0910 Teb: 00000044fa26c000 Win32Thread: 0000000000000000 RUNNING on processor 2
  1720. Impersonation token: ffffae0386276970 (Level Impersonation)
  1721. Owning Process ffffbf034bf18080 Image: svchost.exe
  1722. Attached Process N/A Image: N/A
  1723. Wait Start TickCount 5387 Ticks: 0
  1724. Context Switch Count 559 IdealProcessor: 2
  1725. UserTime 00:00:00.812
  1726. KernelTime 00:00:00.687
  1727. Win32 Start Address sechost!ScSvcctrlThreadA (0x00007ff9307fddf0)
  1728. Stack Init fffff60f368fbc90 Current fffff60f368faf00
  1729. Base fffff60f368fc000 Limit fffff60f368f6000 Call 0000000000000000
  1730. Priority 7 BasePriority 7 PriorityDecrement 0 IoPriority 2 PagePriority 5
  1731. Child-SP RetAddr : Args to Child : Call Site
  1732. fffff60f`368fb2a8 fffff806`5b60649b : 00000000`0000001a 00000000`00008887 ffff9a00`05dfcd50 ffff9a00`0bfbb930 : nt!KeBugCheckEx
  1733. fffff60f`368fb2b0 fffff806`5b4e5333 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000004 : nt!MiUnlinkPageFromList+0x1ebb0b
  1734. fffff60f`368fb390 fffff806`5b55e442 : ffff9a00`05dfcd50 00000000`00000000 00000000`00000000 00000000`00000000 : nt!MiRelinkStandbyPage+0x23
  1735. fffff60f`368fb3c0 fffff806`5b7fe02d : ffffbf03`45449000 00000044`fa4f9e48 00000044`fa4f9e48 00000000`00000000 : nt!MmSetPfnListInfo+0x23a
  1736. fffff60f`368fb4e0 fffff806`5b838476 : 00000000`00000000 0a000001`f426a025 fffff60f`368fb660 ffffbf03`45449000 : nt!PfpPfnPrioRequest+0x27d
  1737. fffff60f`368fb560 fffff806`5b837b0d : fffff60f`00000000 00000000`00000000 00000000`00000000 fffff806`00000001 : nt!PfSetSuperfetchInformation+0x10e
  1738. fffff60f`368fb660 fffff806`5b5ef475 : 00000000`00000000 00000000`00000000 fffff60f`368fbb80 00000000`000007fd : nt!NtSetSystemInformation+0x28d
  1739. fffff60f`368fbb00 00007ff9`3104e2c4 : 00007ff9`254de4be 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x25 (TrapFrame @ fffff60f`368fbb00)
  1740. 00000044`fa4f9d18 00007ff9`254de4be : 00000207`8fb9c870 00007ff9`254de676 00000000`00000000 00000208`90e21db0 : ntdll!NtSetSystemInformation+0x14
  1741. 00000044`fa4f9d20 00007ff9`254de438 : 00000000`00000000 00000208`90e21e48 00000208`90e21db0 00000000`00000000 : sysmain!PfsPfnSetRequestIssue+0x1a
  1742. 00000044`fa4f9d50 00007ff9`254de304 : 00000000`00000000 00000044`fa4f9e00 00000208`90e21e40 00000000`00000000 : sysmain!PfsPfnsSetPriorityHelper+0x110
  1743. 00000044`fa4f9da0 00007ff9`254f0d63 : 00000208`90e48ed0 00000208`90e48ed0 00000208`90e46b80 00000000`00000000 : sysmain!PfsPfnsQuerySetPriority+0x1fc
  1744. 00000044`fa4fd040 00007ff9`2552a242 : 00000208`90e46b80 00000000`00000001 00000000`00000003 00000044`fa4fe3e0 : sysmain!PfWsClassicWsMgrBootDeprioProcess+0x49057
  1745. 00000044`fa4fd0c0 00007ff9`2552a7d8 : 00000000`00000003 00000000`e4a9bbbd 00000044`fa4fd220 00000000`00000000 : sysmain!PfWsClassicWsMgrStart+0x3e
  1746. 00000044`fa4fd0f0 00007ff9`254f6a61 : 00000000`00020000 00000000`00000000 00000000`00000000 00000000`00000000 : sysmain!PfWsWsMgrsStart+0x64
  1747. 00000044`fa4fd120 00007ff9`2550b6ce : 00000000`00000000 00000044`fa4ff7e0 ffffffff`ffffffff 00000207`8f214870 : sysmain!PfSvcMainThreadWorker+0xbd1
  1748. 00000044`fa4ff780 00007ff9`254f7fff : 00000044`fa4ff7e0 00000000`00000000 00000000`00000000 00000044`00000004 : sysmain!PfSvcMainThread+0x22
  1749. 00000044`fa4ff7c0 00007ff6`0a154140 : 00000000`00000000 00000000`00000000 00000000`00000000 ffffffff`ffffffff : sysmain!SysMtServiceMain+0x10f
  1750. 00000044`fa4ff800 00007ff9`307fde18 : 00000000`00000000 00000207`8f2172f0 00000207`8f2172f0 00000000`00000000 : svchost!ServiceStarter+0x310
  1751. 00000044`fa4ff930 00007ff9`2f3e6fd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : sechost!ScSvcctrlThreadA+0x28
  1752. 00000044`fa4ff960 00007ff9`30ffcec1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
  1753. 00000044`fa4ff990 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!