Untitled

From Sole Ibis, 2 Years ago, written in Plain Text.

Embed

Download Paste or View Raw
Hits: 133

Opened log file 'E:\Windows\msdart_crashanalyzer_kd_ansi.log'

Microsoft (R) Windows Debugger Version 10.0.10240.9 AMD64

Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [E:\Windows\MEMORY.DMP]

Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Symbol Path validation summary **************

Response Time (ms) Location

Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols

Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols

Executable search path is:

*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -

Windows 10 Kernel Version 19041 MP (8 procs) Free x64

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 19041.1.amd64fre.vb_release.191206-1406

Machine Name:

Kernel base = 0xfffff800`7be00000 PsLoadedModuleList = 0xfffff800`7ca2a310

Debug session time: Mon Sep 20 03:12:30.931 2021 (UTC - 8:00)

System Uptime: 0 days 6:10:01.548

*** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -

Loading Kernel Symbols

...............................................................

.................Page 20001f64b too large to be in the dump file.

...............................................

................................................................

......

Loading User Symbols

Loading unloaded module list

.....................

************* Symbol Loading Error Summary **************

Module name Error

ntkrnlmp The system cannot find the file specified

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.

You should also verify that your symbol search path (.sympath) is correct.

No .natvis files found at X:\windows\system32\DebugTools\Visualizers.

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck BE, {ffff900035b3a334, 8a00000005300021, ffffdc82017c6550, a}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPCR ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KTHREAD ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

Probably caused by : ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!A371A2E91046000 )

Followup: MachineOwner

---------

6: kd> .logclose

Closing open log file E:\Windows\msdart_crashanalyzer_kd_ansi.log

Opened log file 'E:\Windows\msdart_crashanalyzer_kd_unicode.log'

6: kd> !analyze -v

*******************************************************************************

* *

* Bugcheck Analysis *

* *

*******************************************************************************

ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)

An attempt was made to write to readonly memory. The guilty driver is on the

stack trace (and is typically the current instruction pointer).

When possible, the guilty driver's name (Unicode string) is printed on

the bugcheck screen and saved in KiBugCheckDriver.

Arguments:

Arg1: ffff900035b3a334, Virtual address for the attempted write.

Arg2: 8a00000005300021, PTE contents.

Arg3: ffffdc82017c6550, (reserved)

Arg4: 000000000000000a, (reserved)

Debugging Details:

------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPCR ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KTHREAD ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_KPRCB ***

*** ***

*************************************************************************

SYSTEM_SKU: To be filled by O.E.M.

SYSTEM_VERSION: To be filled by O.E.M.

BIOS_DATE: 03/18/2014

BASEBOARD_PRODUCT: Z87X-UD3H-CF

BASEBOARD_VERSION: x.x

ADDITIONAL_DEBUG_TEXT:

You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

WRONG_SYMBOLS_TIMESTAMP: a371a2e9

WRONG_SYMBOLS_SIZE: 1046000

FAULTING_MODULE: fffff8007be00000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: a371a2e9

BUGCHECK_P1: ffff900035b3a334

BUGCHECK_P2: 8a00000005300021

BUGCHECK_P3: ffffdc82017c6550

BUGCHECK_P4: a

CPU_COUNT: 8

CPU_MHZ: d48

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CURRENT_IRQL: 0

ANALYSIS_VERSION: 10.0.10240.9 amd64fre

LAST_CONTROL_TRANSFER: from fffff8007c22f11a to fffff8007c1f3ea0

STACK_TEXT:

ffffdc82`017c6358 fffff800`7c22f11a : 00000000`000000be ffff9000`35b3a334 8a000000`05300021 ffffdc82`017c6550 : nt!KeBugCheckEx

ffffdc82`017c6360 fffff800`7c0eec6f : 8a000000`05300021 00000000`00000003 ffffdc82`017c65d0 00000000`00000000 : nt!memset+0x2809a

ffffdc82`017c63b0 fffff800`7c20205e : ffff9000`018cda70 fffff800`7c125b72 ffff9000`018cda70 00000000`00000000 : nt!SeAccessCheckWithHint+0x37ff

ffffdc82`017c6550 fffff800`7c0f9d81 : 000000fa`00000040 ffffa307`e840ed00 ffffa307`efb15740 fffff800`7ca51bf0 : nt!setjmpex+0x446e

ffffdc82`017c66e0 fffff800`7c1285ba : 00000000`00067b60 00000000`00000000 00000000`001fd9ba ffff9000`05f8d2e0 : nt!SeAccessCheckWithHint+0xe911

ffffdc82`017c6770 fffff800`7c111095 : 00000000`00000000 00000000`00000000 00000000`00000011 80000001`00000001 : nt!RtlAvlRemoveNode+0x3e3a

ffffdc82`017c67f0 fffff800`7c151f8e : ffffa307`f2a8e850 ffffdc82`017c6918 00000000`00000000 00000000`00000000 : nt!IoGetBaseFileSystemDeviceObject+0x1345

ffffdc82`017c68b0 fffff800`7c4e793e : 00000000`00088089 00000000`00000000 fffff800`7ca50b80 00000000`00088089 : nt!IoApplyPriorityInfoThread+0x42e

ffffdc82`017c6910 fffff800`7c17ad04 : ffffa307`00000001 ffffa307`efb15740 00000000`00000000 00000000`00000000 : nt!CcUnpinData+0x92e

ffffdc82`017c6960 fffff800`7c322f8d : 00000000`00000001 00000000`00000000 ffffdc82`017c69e0 ffffdc82`017c69e8 : nt!ExRegisterCallback+0x1e4

ffffdc82`017c6990 fffff800`7c2a793b : 00000000`00000000 ffffa307`efb15740 fffff800`7ca51228 fffff800`7ca51290 : nt!KeStallWhileFrozen+0xb29d

ffffdc82`017c69e0 fffff800`7c066dd5 : ffffa307`dafa1040 ffffa307`dafa1040 00000000`00000080 fffff800`7c1b8670 : nt!memset+0xa08bb

ffffdc82`017c6c10 fffff800`7c1fb4f8 : ffffca80`8f1d2180 ffffa307`dafa1040 fffff800`7c066d80 00000000`00000000 : nt!RtlEndEnumerationHashTable+0x905

ffffdc82`017c6c60 00000000`00000000 : ffffdc82`017c7000 ffffdc82`017c1000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x6438

STACK_COMMAND: kb

FOLLOWUP_IP:

nt!SeAccessCheckWithHint+37ff

fffff800`7c0eec6f e90ffeffff jmp nt!SeAccessCheckWithHint+0x3613 (fffff800`7c0eea83)

SYMBOL_STACK_INDEX: 2

FOLLOWUP_NAME: MachineOwner

BUGCHECK_STR: A371A2E9

EXCEPTION_CODE: (HRESULT) 0xa371a2e9 (2742133481) - <Unable to get error code text>

FAILURE_EXCEPTION_CODE: A371A2E9

EXCEPTION_STR: WRONG_SYMBOLS

IMAGE_NAME: ntoskrnl.wrong.symbols.exe

MODULE_NAME: nt_wrong_symbols

SYMBOL_NAME: nt_wrong_symbols!A371A2E91046000

BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441

DEFAULT_BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441

PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS

FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441_A371A2E9_nt_wrong_symbols!A371A2E91046000

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:wrong_symbols_x64_19041.1.amd64fre.vb_release.191206-1406_timestamp_561122-154441_a371a2e9_nt_wrong_symbols!a371a2e91046000

FAILURE_ID_HASH: {e49aa84d-2ad1-9204-635d-8eb9b164a458}

Followup: MachineOwner

---------

6: kd> !thread

*************************************************************************

*** ***

*** ***

*** Either you specified an unqualified symbol, or your debugger ***

*** doesn't have full symbol information. Unqualified symbol ***

*** resolution is turned off by default. Please either specify a ***

*** fully qualified symbol module!symbolname, or enable resolution ***

*** of unqualified symbols by typing ".symopt- 100". Note that ***

*** enabling unqualified symbol resolution with network symbol ***

*** server shares in the symbol path may cause the debugger to ***

*** appear to hang for long periods of time when an incorrect ***

*** symbol name is typed or the network symbol server is down. ***

*** ***

*** For some commands to work properly, your symbol path ***

*** must point to .pdb files that have full type information. ***

*** ***

*** Certain .pdb files (such as the public OS symbols) do not ***

*** contain the required information. Contact the group that ***

*** provided you with these symbols if you need this command to ***

*** work. ***

*** ***

*** Type referenced: nt!_ETHREAD ***

*** ***

*************************************************************************

ffffa307dafa1040: Unable to get thread contents

6: kd> lm kv

start end module name

ffff944c`38a60000 ffff944c`38afa000 win32k (deferred)

Image path: \SystemRoot\System32\win32k.sys

Image name: win32k.sys

Timestamp: ***** Invalid (E87370BB)

CheckSum: 0009C34C

ImageSize: 0009A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

ffff944c`38cc0000 ffff944c`38fa2000 win32kbase (deferred)

Image path: \SystemRoot\System32\win32kbase.sys

Image name: win32kbase.sys

Timestamp: ***** Invalid (883B3E7C)

CheckSum: 002DB69F

ImageSize: 002E2000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

ffff944c`39000000 ffff944c`39048000 cdd (deferred)

Image path: \SystemRoot\System32\cdd.dll

Image name: cdd.dll

Timestamp: Mon Jan 22 05:06:28 1996 (31038BD4)

CheckSum: 0004D704

ImageSize: 00048000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

ffff944c`39c10000 ffff944c`39fc6000 win32kfull (deferred)

Image path: \SystemRoot\System32\win32kfull.sys

Image name: win32kfull.sys

Timestamp: ***** Invalid (EBAA7588)

CheckSum: 003A7C43

ImageSize: 003B6000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7ac10000 fffff800`7ae9f000 mcupdate_GenuineIntel (deferred)

Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll

Image name: mcupdate_GenuineIntel.dll

Timestamp: ***** Invalid (9FB1DE46)

CheckSum: 0028C60B

ImageSize: 0028F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7aea0000 fffff800`7aea6000 hal (deferred)

Image path: hal.dll

Image name: hal.dll

Timestamp: Mon Jan 30 08:29:29 1984 (1A7BE8E9)

CheckSum: 0000CE9F

ImageSize: 00006000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7aeb0000 fffff800`7aebb000 kd (deferred)

Image path: \SystemRoot\system32\kd.dll

Image name: kd.dll

Timestamp: ***** Invalid (FE185FA8)

CheckSum: 00004EF6

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7aec0000 fffff800`7aee7000 tm (deferred)

Image path: \SystemRoot\System32\drivers\tm.sys

Image name: tm.sys

Timestamp: Thu Nov 24 15:38:59 2011 (4ECED593)

CheckSum: 00029C42

ImageSize: 00027000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7aef0000 fffff800`7af59000 CLFS (deferred)

Image path: \SystemRoot\System32\drivers\CLFS.SYS

Image name: CLFS.SYS

Timestamp: Fri Dec 30 13:11:01 2005 (43B5A265)

CheckSum: 0006BD72

ImageSize: 00069000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7af60000 fffff800`7af7a000 PSHED (deferred)

Image path: \SystemRoot\system32\PSHED.dll

Image name: PSHED.dll

Timestamp: Sun Aug 01 12:44:09 2010 (4C55DC99)

CheckSum: 000201A9

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7af80000 fffff800`7af8b000 BOOTVID (deferred)

Image path: \SystemRoot\system32\BOOTVID.dll

Image name: BOOTVID.dll

Timestamp: ***** Invalid (D13EE5B6)

CheckSum: 00013A3C

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7af90000 fffff800`7afff000 FLTMGR (deferred)

Image path: \SystemRoot\System32\drivers\FLTMGR.SYS

Image name: FLTMGR.SYS

Timestamp: Mon May 03 20:30:30 1971 (02839B66)

CheckSum: 00072E12

ImageSize: 0006F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7b000000 fffff800`7b00e000 cmimcext (deferred)

Image path: \SystemRoot\System32\drivers\cmimcext.sys

Image name: cmimcext.sys

Timestamp: ***** Invalid (94809681)

CheckSum: 00010F8E

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7be00000 fffff800`7ce46000 nt (export symbols) ntkrnlmp.exe

Loaded symbol image file: ntkrnlmp.exe

Image path: ntkrnlmp.exe

Image name: ntkrnlmp.exe

Timestamp: ***** Invalid (A371A2E9)

CheckSum: 00A611D3

ImageSize: 01046000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`7eba0000 fffff800`7ebeb000 klupd_KLIF_klark (deferred)

Image path: \SystemRoot\System32\Drivers\klupd_KLIF_klark.sys

Image name: klupd_KLIF_klark.sys

Timestamp: Wed Mar 24 02:58:59 2021 (605B1B73)

CheckSum: 00054599

ImageSize: 0004B000

File version: 4.7.3.0

Product version: 4.7.3.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Kaspersky Bases

InternalName: klark

OriginalFilename: klark.sys

ProductVersion: 4.7.3.0

FileVersion: 4.7.3.0

FileDescription: Kaspersky Lab Anti-Rootkit

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`80600000 fffff800`80713000 clipsp (deferred)

Image path: \SystemRoot\System32\drivers\clipsp.sys

Image name: clipsp.sys

Timestamp: Tue Sep 01 15:19:42 2020 (5F4ED70E)

CheckSum: 0011953D

ImageSize: 00113000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80720000 fffff800`80749000 ksecdd (deferred)

Image path: \SystemRoot\System32\drivers\ksecdd.sys

Image name: ksecdd.sys

Timestamp: Fri Sep 25 14:37:08 2020 (5F6E7114)

CheckSum: 0002AB02

ImageSize: 00029000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80750000 fffff800`807b2000 msrpc (deferred)

Image path: \SystemRoot\System32\drivers\msrpc.sys

Image name: msrpc.sys

Timestamp: ***** Invalid (BD46698A)

CheckSum: 00062C96

ImageSize: 00062000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`807c0000 fffff800`807d1000 werkernel (deferred)

Image path: \SystemRoot\System32\drivers\werkernel.sys

Image name: werkernel.sys

Timestamp: Wed Oct 17 15:21:51 1984 (1BD4610F)

CheckSum: 0000F1D5

ImageSize: 00011000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`807e0000 fffff800`807ec000 ntosext (deferred)

Image path: \SystemRoot\System32\drivers\ntosext.sys

Image name: ntosext.sys

Timestamp: Sun Jul 14 21:39:43 2030 (71DD3C9F)

CheckSum: 00009677

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`807f0000 fffff800`808d3000 CI (deferred)

Image path: \SystemRoot\system32\CI.dll

Image name: CI.dll

Timestamp: ***** Invalid (8BECF5E0)

CheckSum: 000E72BB

ImageSize: 000E3000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`808e0000 fffff800`80997000 cng (deferred)

Image path: \SystemRoot\System32\drivers\cng.sys

Image name: cng.sys

Timestamp: Tue May 30 08:27:56 1989 (2482C10C)

CheckSum: 000B7883

ImageSize: 000B7000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`809a0000 fffff800`80a71000 Wdf01000 (deferred)

Image path: \SystemRoot\system32\drivers\Wdf01000.sys

Image name: Wdf01000.sys

Timestamp: ***** Invalid (A9A9D36E)

CheckSum: 000D3980

ImageSize: 000D1000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80a80000 fffff800`80a93000 WDFLDR (deferred)

Image path: \SystemRoot\system32\drivers\WDFLDR.SYS

Image name: WDFLDR.SYS

Timestamp: ***** Invalid (977C0BBB)

CheckSum: 00013DC3

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80aa0000 fffff800`80aaf000 SleepStudyHelper (deferred)

Image path: \SystemRoot\system32\drivers\SleepStudyHelper.sys

Image name: SleepStudyHelper.sys

Timestamp: Thu May 23 08:28:59 2024 (664F6ECB)

CheckSum: 0000FC58

ImageSize: 0000F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80ab0000 fffff800`80ac1000 WppRecorder (deferred)

Image path: \SystemRoot\system32\drivers\WppRecorder.sys

Image name: WppRecorder.sys

Timestamp: Fri Mar 06 01:14:40 1981 (15060D00)

CheckSum: 0001415E

ImageSize: 00011000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80ad0000 fffff800`80af6000 acpiex (deferred)

Image path: \SystemRoot\System32\Drivers\acpiex.sys

Image name: acpiex.sys

Timestamp: ***** Invalid (C8D60B44)

CheckSum: 000302D2

ImageSize: 00026000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80b00000 fffff800`80b4b000 mssecflt (deferred)

Image path: \SystemRoot\system32\drivers\mssecflt.sys

Image name: mssecflt.sys

Timestamp: ***** Invalid (A0E0786E)

CheckSum: 0004FC86

ImageSize: 0004B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80b50000 fffff800`80b6a000 SgrmAgent (deferred)

Image path: \SystemRoot\system32\drivers\SgrmAgent.sys

Image name: SgrmAgent.sys

Timestamp: ***** Invalid (A6474774)

CheckSum: 0001E4FC

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80b70000 fffff800`80c3c000 ACPI (deferred)

Image path: \SystemRoot\System32\drivers\ACPI.sys

Image name: ACPI.sys

Timestamp: Thu Feb 10 11:30:37 1994 (2D5A8B5D)

CheckSum: 000D341C

ImageSize: 000CC000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80c40000 fffff800`80c4c000 WMILIB (deferred)

Image path: \SystemRoot\System32\drivers\WMILIB.SYS

Image name: WMILIB.SYS

Timestamp: ***** Invalid (CD518505)

CheckSum: 00009CB9

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80c60000 fffff800`80ccb000 intelpep (deferred)

Image path: \SystemRoot\System32\drivers\intelpep.sys

Image name: intelpep.sys

Timestamp: ***** Invalid (81D95014)

CheckSum: 0007468F

ImageSize: 0006B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80cd0000 fffff800`80ce7000 WindowsTrustedRT (deferred)

Image path: \SystemRoot\system32\drivers\WindowsTrustedRT.sys

Image name: WindowsTrustedRT.sys

Timestamp: Sat May 19 00:53:30 2035 (7AF9978A)

CheckSum: 0001BFFA

ImageSize: 00017000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80cf0000 fffff800`80cfb000 IntelTA (deferred)

Image path: \SystemRoot\System32\drivers\IntelTA.sys

Image name: IntelTA.sys

Timestamp: ***** Invalid (AFECFEC8)

CheckSum: 00008349

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80d00000 fffff800`80d0b000 WindowsTrustedRTProxy (deferred)

Image path: \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys

Image name: WindowsTrustedRTProxy.sys

Timestamp: ***** Invalid (AA5F5790)

CheckSum: 00007869

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80d10000 fffff800`80d24000 pcw (deferred)

Image path: \SystemRoot\System32\drivers\pcw.sys

Image name: pcw.sys

Timestamp: ***** Invalid (D212A83E)

CheckSum: 000163F7

ImageSize: 00014000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80d30000 fffff800`80d70000 klupd_klif_arkmon (deferred)

Image path: \SystemRoot\system32\DRIVERS\klupd_klif_arkmon.sys

Image name: klupd_klif_arkmon.sys

Timestamp: Wed Mar 24 02:36:11 2021 (605B161B)

CheckSum: 00043547

ImageSize: 00040000

File version: 2.7.4.0

Product version: 2.7.4.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Kaspersky Bases

InternalName: arkmon

OriginalFilename: arkmon.sys

ProductVersion: 2.7.4.0

FileVersion: 2.7.4.0

FileDescription: Kaspersky Lab Anti-Rootkit Monitor Driver

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`80d80000 fffff800`80d8b000 msisadrv (deferred)

Image path: \SystemRoot\System32\drivers\msisadrv.sys

Image name: msisadrv.sys

Timestamp: ***** Invalid (D84D625E)

CheckSum: 0000B688

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80d90000 fffff800`80da5000 vdrvroot (deferred)

Image path: \SystemRoot\System32\drivers\vdrvroot.sys

Image name: vdrvroot.sys

Timestamp: ***** Invalid (E613EBA7)

CheckSum: 000184EC

ImageSize: 00015000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80db0000 fffff800`80ddf000 pdc (deferred)

Image path: \SystemRoot\system32\drivers\pdc.sys

Image name: pdc.sys

Timestamp: Sat May 26 23:23:12 1984 (1B16F9E0)

CheckSum: 000324F1

ImageSize: 0002F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80de0000 fffff800`80df9000 CEA (deferred)

Image path: \SystemRoot\system32\drivers\CEA.sys

Image name: CEA.sys

Timestamp: Thu Jun 10 08:40:49 2032 (75736B91)

CheckSum: 00022BC5

ImageSize: 00019000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80e00000 fffff800`80e78000 pci (deferred)

Image path: \SystemRoot\System32\drivers\pci.sys

Image name: pci.sys

Timestamp: Wed Jul 29 03:09:24 2037 (7F1B0A64)

CheckSum: 0007F6EF

ImageSize: 00078000

File version: 10.0.19041.488

Product version: 10.0.19041.488

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: pci.sys

OriginalFilename: pci.sys

ProductVersion: 10.0.19041.488

FileVersion: 10.0.19041.488 (WinBuild.160101.0800)

FileDescription: NT Plug and Play PCI Enumerator

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`80e80000 fffff800`80eb1000 partmgr (deferred)

Image path: \SystemRoot\System32\drivers\partmgr.sys

Image name: partmgr.sys

Timestamp: Sat Aug 06 18:26:06 2016 (57A69C3E)

CheckSum: 0002D745

ImageSize: 00031000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80ec0000 fffff800`80f6a000 spaceport (deferred)

Image path: \SystemRoot\System32\drivers\spaceport.sys

Image name: spaceport.sys

Timestamp: ***** Invalid (ABAEDF84)

CheckSum: 000B3A4F

ImageSize: 000AA000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80f70000 fffff800`80f89000 volmgr (deferred)

Image path: \SystemRoot\System32\drivers\volmgr.sys

Image name: volmgr.sys

Timestamp: Thu Nov 20 06:06:06 2025 (691F204E)

CheckSum: 00021FF2

ImageSize: 00019000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`80f90000 fffff800`80ff3000 volmgrx (deferred)

Image path: \SystemRoot\System32\drivers\volmgrx.sys

Image name: volmgrx.sys

Timestamp: Fri Nov 29 10:04:07 2013 (5298D717)

CheckSum: 0006AB53

ImageSize: 00063000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81000000 fffff800`8101e000 mountmgr (deferred)

Image path: \SystemRoot\System32\drivers\mountmgr.sys

Image name: mountmgr.sys

Timestamp: Fri May 11 14:20:58 2029 (6FA7424A)

CheckSum: 00024BD0

ImageSize: 0001E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81020000 fffff800`810b5000 mvs91xx (deferred)

Image path: \SystemRoot\System32\drivers\mvs91xx.sys

Image name: mvs91xx.sys

Timestamp: Tue Jan 19 21:47:12 2016 (569F1F60)

CheckSum: 000577B0

ImageSize: 00095000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`810c0000 fffff800`81170000 storport (deferred)

Image path: \SystemRoot\System32\drivers\storport.sys

Image name: storport.sys

Timestamp: ***** Invalid (8566CB6A)

CheckSum: 000B9B99

ImageSize: 000B0000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81180000 fffff800`81188000 mvxxmm (deferred)

Image path: \SystemRoot\System32\drivers\mvxxmm.sys

Image name: mvxxmm.sys

Timestamp: Tue Jan 19 21:46:43 2016 (569F1F43)

CheckSum: 0000BA29

ImageSize: 00008000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81190000 fffff800`812bf000 iaStorE (deferred)

Image path: \SystemRoot\System32\drivers\iaStorE.sys

Image name: iaStorE.sys

Timestamp: Mon Jan 13 13:05:06 2020 (5E1CDB82)

CheckSum: 00110008

ImageSize: 0012F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`812e0000 fffff800`812fa000 fileinfo (deferred)

Image path: \SystemRoot\System32\drivers\fileinfo.sys

Image name: fileinfo.sys

Timestamp: ***** Invalid (AEE275C2)

CheckSum: 0002169B

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81300000 fffff800`81340000 Wof (deferred)

Image path: \SystemRoot\System32\Drivers\Wof.sys

Image name: Wof.sys

Timestamp: ***** Invalid (97F984C4)

CheckSum: 0003D008

ImageSize: 00040000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81350000 fffff800`81629000 Ntfs (deferred)

Image path: \SystemRoot\System32\Drivers\Ntfs.sys

Image name: Ntfs.sys

Timestamp: Sun Dec 21 22:54:01 1997 (349E0E89)

CheckSum: 002C1FB0

ImageSize: 002D9000

File version: 10.0.19041.508

Product version: 10.0.19041.508

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: ntfs.sys

OriginalFilename: ntfs.sys

ProductVersion: 10.0.19041.508

FileVersion: 10.0.19041.508 (WinBuild.160101.0800)

FileDescription: NT File System Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`81630000 fffff800`8163d000 Fs_Rec (deferred)

Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys

Image name: Fs_Rec.sys

Timestamp: ***** Invalid (B9E5C55C)

CheckSum: 00017B4B

ImageSize: 0000D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81640000 fffff800`817af000 ndis (deferred)

Image path: \SystemRoot\system32\drivers\ndis.sys

Image name: ndis.sys

Timestamp: ***** Invalid (A3B0E6FE)

CheckSum: 0016EB12

ImageSize: 0016F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`817b0000 fffff800`81848000 NETIO (deferred)

Image path: \SystemRoot\system32\drivers\NETIO.SYS

Image name: NETIO.SYS

Timestamp: Wed Jul 22 02:46:16 2015 (55AF7478)

CheckSum: 000A160A

ImageSize: 00098000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81850000 fffff800`81882000 ksecpkg (deferred)

Image path: \SystemRoot\System32\Drivers\ksecpkg.sys

Image name: ksecpkg.sys

Timestamp: ***** Invalid (EB0A8339)

CheckSum: 0002E880

ImageSize: 00032000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81890000 fffff800`81b7c000 tcpip (deferred)

Image path: \SystemRoot\System32\drivers\tcpip.sys

Image name: tcpip.sys

Timestamp: ***** Invalid (9976B086)

CheckSum: 002E509B

ImageSize: 002EC000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81b80000 fffff800`81bff000 fwpkclnt (deferred)

Image path: \SystemRoot\System32\drivers\fwpkclnt.sys

Image name: fwpkclnt.sys

Timestamp: Wed Dec 18 17:08:15 1985 (1E076A7F)

CheckSum: 0007F498

ImageSize: 0007F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81c00000 fffff800`81c30000 wfplwfs (deferred)

Image path: \SystemRoot\System32\drivers\wfplwfs.sys

Image name: wfplwfs.sys

Timestamp: Mon Mar 31 19:31:38 1997 (3340819A)

CheckSum: 00035119

ImageSize: 00030000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81c40000 fffff800`81d09000 fvevol (deferred)

Image path: \SystemRoot\System32\DRIVERS\fvevol.sys

Image name: fvevol.sys

Timestamp: Sat Nov 26 02:24:12 1994 (2ED70CCC)

CheckSum: 000C5DEF

ImageSize: 000C9000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81d10000 fffff800`81d1c000 apmwin (deferred)

Image path: \SystemRoot\system32\DRIVERS\apmwin.sys

Image name: apmwin.sys

Timestamp: Wed Dec 28 01:12:34 2016 (58638202)

CheckSum: 00012FAA

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81d20000 fffff800`81d33000 gpt_loader (deferred)

Image path: \SystemRoot\system32\DRIVERS\gpt_loader.sys

Image name: gpt_loader.sys

Timestamp: Wed Dec 28 01:12:24 2016 (586381F8)

CheckSum: 00014F27

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81d40000 fffff800`81d4f000 mounthlp (deferred)

Image path: \SystemRoot\system32\DRIVERS\mounthlp.sys

Image name: mounthlp.sys

Timestamp: Wed Dec 28 01:12:27 2016 (586381FB)

CheckSum: 0000FBFA

ImageSize: 0000F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81d50000 fffff800`81d5b000 volume (deferred)

Image path: \SystemRoot\System32\drivers\volume.sys

Image name: volume.sys

Timestamp: ***** Invalid (83CF10C9)

CheckSum: 000083D7

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81d60000 fffff800`81dcd000 volsnap (deferred)

Image path: \SystemRoot\System32\drivers\volsnap.sys

Image name: volsnap.sys

Timestamp: ***** Invalid (8AFD80F6)

CheckSum: 00077353

ImageSize: 0006D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81dd0000 fffff800`81e20000 rdyboost (deferred)

Image path: \SystemRoot\System32\drivers\rdyboost.sys

Image name: rdyboost.sys

Timestamp: Fri Feb 25 08:44:32 2033 (76CA3270)

CheckSum: 00048E48

ImageSize: 00050000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81e30000 fffff800`81e56000 mup (deferred)

Image path: \SystemRoot\System32\Drivers\mup.sys

Image name: mup.sys

Timestamp: ***** Invalid (FB1EDB95)

CheckSum: 0002B433

ImageSize: 00026000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81e60000 fffff800`81e79000 klupd_KLIF_klbg (deferred)

Image path: \SystemRoot\System32\Drivers\klupd_KLIF_klbg.sys

Image name: klupd_KLIF_klbg.sys

Timestamp: Wed Mar 24 02:58:58 2021 (605B1B72)

CheckSum: 000257EF

ImageSize: 00019000

File version: 11.7.3.0

Product version: 11.7.3.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Kaspersky Bases

InternalName: klbg

OriginalFilename: klbg.sys

ProductVersion: 11.7.3.0

FileVersion: 11.7.3.0

FileDescription: Kaspersky Lab Boot Guard Driver

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`81e80000 fffff800`81e92000 iorate (deferred)

Image path: \SystemRoot\system32\drivers\iorate.sys

Image name: iorate.sys

Timestamp: ***** Invalid (94A693A6)

CheckSum: 0001BF87

ImageSize: 00012000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81ea0000 fffff800`81eab000 iaStorF (deferred)

Image path: \SystemRoot\System32\drivers\iaStorF.sys

Image name: iaStorF.sys

Timestamp: Fri Nov 24 02:31:28 2017 (5A17F500)

CheckSum: 00016CC4

ImageSize: 0000B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81ed0000 fffff800`81eec000 disk (deferred)

Image path: \SystemRoot\System32\drivers\disk.sys

Image name: disk.sys

Timestamp: Tue Feb 01 17:11:22 1994 (2D4EFDBA)

CheckSum: 00020B81

ImageSize: 0001C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`81ef0000 fffff800`81f5c000 CLASSPNP (deferred)

Image path: \SystemRoot\System32\drivers\CLASSPNP.SYS

Image name: CLASSPNP.SYS

Timestamp: Tue Jun 30 09:16:26 1981 (159F6BEA)

CheckSum: 0006AD87

ImageSize: 0006C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82400000 fffff800`824d6000 peauth (deferred)

Image path: \SystemRoot\system32\drivers\peauth.sys

Image name: peauth.sys

Timestamp: Thu Jun 30 12:25:54 1977 (0E1978D2)

CheckSum: 000CAE00

ImageSize: 000D6000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`824e0000 fffff800`824fc000 rassstp (deferred)

Image path: \SystemRoot\System32\drivers\rassstp.sys

Image name: rassstp.sys

Timestamp: Fri Feb 01 21:39:06 2002 (3C5B7B7A)

CheckSum: 0001D4E6

ImageSize: 0001C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82500000 fffff800`8251d000 NDProxy (deferred)

Image path: \SystemRoot\System32\DRIVERS\NDProxy.sys

Image name: NDProxy.sys

Timestamp: ***** Invalid (D564EC29)

CheckSum: 00022253

ImageSize: 0001D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82520000 fffff800`82547000 AgileVpn (deferred)

Image path: \SystemRoot\System32\drivers\AgileVpn.sys

Image name: AgileVpn.sys

Timestamp: ***** Invalid (F4378452)

CheckSum: 00023624

ImageSize: 00027000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82550000 fffff800`82568000 uaspstor (deferred)

Image path: \SystemRoot\System32\drivers\uaspstor.sys

Image name: uaspstor.sys

Timestamp: Thu Jun 24 20:11:29 2004 (40DBA5F1)

CheckSum: 0001535A

ImageSize: 00018000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82570000 fffff800`82589000 klbackupdisk (deferred)

Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys

Image name: klbackupdisk.sys

Timestamp: Mon Jan 25 08:51:07 2021 (600EF6FB)

CheckSum: 00029377

ImageSize: 00019000

File version: 30.587.0.170

Product version: 30.587.0.170

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klbackupdisk

ProductVersion: 30.587.0.170-e30f0c58d6

FileVersion: 30.587.0.170

FileDescription: Backup Disk Filter [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`82590000 fffff800`825c0000 cdrom (deferred)

Image path: \SystemRoot\System32\drivers\cdrom.sys

Image name: cdrom.sys

Timestamp: ***** Invalid (D4B31131)

CheckSum: 000346A0

ImageSize: 00030000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`825d0000 fffff800`8265a000 klflt (deferred)

Image path: \SystemRoot\system32\DRIVERS\klflt.sys

Image name: klflt.sys

Timestamp: Fri Feb 19 05:50:35 2021 (602FC22B)

CheckSum: 00088DDE

ImageSize: 0008A000

File version: 30.587.0.1070

Product version: 30.587.0.1070

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klflt

ProductVersion: 30.587.0.1070-a81ac642e3

FileVersion: 30.587.0.1070

FileDescription: Filter Core [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`82660000 fffff800`82691000 klbackupflt (deferred)

Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys

Image name: klbackupflt.sys

Timestamp: Fri Feb 05 16:46:23 2021 (601DE6DF)

CheckSum: 00037AFC

ImageSize: 00031000

File version: 30.587.0.810

Product version: 30.587.0.810

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klbackupflt

ProductVersion: 30.587.0.810-636fda9fe5

FileVersion: 30.587.0.810

FileDescription: Backup File Filter [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`826a0000 fffff800`826b5000 filecrypt (deferred)

Image path: \SystemRoot\system32\drivers\filecrypt.sys

Image name: filecrypt.sys

Timestamp: Fri Mar 01 03:12:42 2002 (3C7F622A)

CheckSum: 0000FEC3

ImageSize: 00015000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`826c0000 fffff800`826ce000 tbs (deferred)

Image path: \SystemRoot\system32\drivers\tbs.sys

Image name: tbs.sys

Timestamp: ***** Invalid (BBC1ED87)

CheckSum: 00011119

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`826d0000 fffff800`827d9000 klif (deferred)

Image path: \SystemRoot\system32\DRIVERS\klif.sys

Image name: klif.sys

Timestamp: Fri Feb 19 05:51:17 2021 (602FC255)

CheckSum: 0010D1EF

ImageSize: 00109000

File version: 30.587.0.1070

Product version: 30.587.0.1070

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klif

ProductVersion: 30.587.0.1070-a81ac642e3

FileVersion: 30.587.0.1070

FileDescription: Core System Interceptors [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`827e0000 fffff800`82856000 ks (deferred)

Image path: \SystemRoot\system32\DRIVERS\ks.sys

Image name: ks.sys

Timestamp: ***** Invalid (F812DE3F)

CheckSum: 000751CB

ImageSize: 00076000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82860000 fffff800`829df000 klhk (deferred)

Image path: \SystemRoot\system32\DRIVERS\klhk.sys

Image name: klhk.sys

Timestamp: Mon Jan 25 08:51:13 2021 (600EF701)

CheckSum: 0015F58F

ImageSize: 0017F000

File version: 30.587.0.170

Product version: 30.587.0.170

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klhk

ProductVersion: 30.587.0.170-e30f0c58d6

FileVersion: 30.587.0.170

FileDescription: klhk [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`829e0000 fffff800`82a0b000 pacer (deferred)

Image path: \SystemRoot\System32\drivers\pacer.sys

Image name: pacer.sys

Timestamp: ***** Invalid (FECCC466)

CheckSum: 0003603B

ImageSize: 0002B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82a40000 fffff800`82a5e000 crashdmp (deferred)

Image path: \SystemRoot\System32\Drivers\crashdmp.sys

Image name: crashdmp.sys

Timestamp: ***** Invalid (9A19AF81)

CheckSum: 0002129E

ImageSize: 0001E000

File version: 10.0.19041.1

Product version: 10.0.19041.1

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: crashdmp.sys

OriginalFilename: crashdmp.sys

ProductVersion: 10.0.19041.1

FileVersion: 10.0.19041.1 (WinBuild.160101.0800)

FileDescription: Crash Dump Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`82ae0000 fffff800`82b1a000 ndiswan (deferred)

Image path: \SystemRoot\System32\drivers\ndiswan.sys

Image name: ndiswan.sys

Timestamp: ***** Invalid (88F100F4)

CheckSum: 0003FFCA

ImageSize: 0003A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82b20000 fffff800`82b57000 klupd_KLIF_mark (deferred)

Image path: \SystemRoot\System32\Drivers\klupd_KLIF_mark.sys

Image name: klupd_KLIF_mark.sys

Timestamp: Wed Mar 24 02:34:52 2021 (605B15CC)

CheckSum: 0003EA59

ImageSize: 00037000

File version: 6.6.3.0

Product version: 6.6.3.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Kaspersky Bases

InternalName: mark

OriginalFilename: mark.sys

ProductVersion: 6.6.3.0

FileVersion: 6.6.3.0

FileDescription: Kaspersky Lab Anti-Rootkit Memory Driver

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`82b60000 fffff800`82b9c000 klupd_KLIF_swmon (deferred)

Image path: \SystemRoot\System32\Drivers\klupd_KLIF_swmon.sys

Image name: klupd_KLIF_swmon.sys

Timestamp: Thu Aug 19 08:36:35 2021 (611E8893)

CheckSum: 00047C85

ImageSize: 0003C000

File version: 1.12.5.0

Product version: 1.12.5.0

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Kaspersky Bases

InternalName: swmon

OriginalFilename: swmon.sys

ProductVersion: 1.12.5.0

FileVersion: 1.12.5.0

FileDescription: Kaspersky Lab System Watcher Monitor Driver

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`82bb0000 fffff800`82bc4000 ndiscap (deferred)

Image path: \SystemRoot\System32\drivers\ndiscap.sys

Image name: ndiscap.sys

Timestamp: ***** Invalid (DCEEC70E)

CheckSum: 0001C38B

ImageSize: 00014000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82bd0000 fffff800`82be4000 netbios (deferred)

Image path: \SystemRoot\system32\drivers\netbios.sys

Image name: netbios.sys

Timestamp: Fri Nov 12 13:10:06 2021 (618ED82E)

CheckSum: 0001A9AF

ImageSize: 00014000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82c00000 fffff800`82fa4000 dxgkrnl (deferred)

Image path: \SystemRoot\System32\drivers\dxgkrnl.sys

Image name: dxgkrnl.sys

Timestamp: ***** Invalid (B20216B8)

CheckSum: 0039F5F1

ImageSize: 003A4000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82fb0000 fffff800`82fc8000 watchdog (deferred)

Image path: \SystemRoot\System32\drivers\watchdog.sys

Image name: watchdog.sys

Timestamp: Fri Jun 16 16:44:59 2006 (4493508B)

CheckSum: 000222BD

ImageSize: 00018000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82fd0000 fffff800`82fe6000 BasicDisplay (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_62ba5773ba05edee\BasicDisplay.sys

Image name: BasicDisplay.sys

Timestamp: ***** Invalid (A2092B45)

CheckSum: 0001C212

ImageSize: 00016000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`82ff0000 fffff800`83001000 BasicRender (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_49a8589f00d970d9\BasicRender.sys

Image name: BasicRender.sys

Timestamp: ***** Invalid (EE8C9717)

CheckSum: 00016443

ImageSize: 00011000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83010000 fffff800`83017000 DamewareMini (deferred)

Image path: \SystemRoot\System32\drivers\DamewareMini.sys

Image name: DamewareMini.sys

Timestamp: Sun Mar 16 10:42:28 2008 (47DD6A14)

CheckSum: 0000921C

ImageSize: 00007000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83020000 fffff800`83035000 VIDEOPRT (deferred)

Image path: \SystemRoot\System32\drivers\VIDEOPRT.SYS

Image name: VIDEOPRT.SYS

Timestamp: Thu Jan 18 03:16:03 1979 (11047A73)

CheckSum: 000159DE

ImageSize: 00015000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83040000 fffff800`8305c000 Npfs (deferred)

Image path: \SystemRoot\System32\Drivers\Npfs.SYS

Image name: Npfs.SYS

Timestamp: ***** Invalid (9E3E4C73)

CheckSum: 000192F7

ImageSize: 0001C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83060000 fffff800`83071000 Msfs (deferred)

Image path: \SystemRoot\System32\Drivers\Msfs.SYS

Image name: Msfs.SYS

Timestamp: ***** Invalid (95155DF1)

CheckSum: 0001A9B5

ImageSize: 00011000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83080000 fffff800`8309b000 CimFS (deferred)

Image path: \SystemRoot\System32\Drivers\CimFS.SYS

Image name: CimFS.SYS

Timestamp: Sun Nov 15 00:49:44 2037 (7FAA9D28)

CheckSum: 00018CE5

ImageSize: 0001B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`830a0000 fffff800`830c4000 klwfp (deferred)

Image path: \SystemRoot\system32\DRIVERS\klwfp.sys

Image name: klwfp.sys

Timestamp: ***** Invalid (EB577675)

CheckSum: 0002CDC2

ImageSize: 00024000

File version: 30.587.0.170

Product version: 30.587.0.170

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klwfp

ProductVersion: 30.587.0.170-e30f0c58d6

FileVersion: 30.587.0.170

FileDescription: WFP Network Filter [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`830d0000 fffff800`830f2000 tdx (deferred)

Image path: \SystemRoot\system32\DRIVERS\tdx.sys

Image name: tdx.sys

Timestamp: Thu Oct 03 22:47:28 1991 (28EC0E80)

CheckSum: 000273F3

ImageSize: 00022000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83100000 fffff800`83110000 TDI (deferred)

Image path: \SystemRoot\system32\DRIVERS\TDI.SYS

Image name: TDI.SYS

Timestamp: ***** Invalid (D1AD2BD4)

CheckSum: 0000D19A

ImageSize: 00010000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83120000 fffff800`83135000 klim6 (deferred)

Image path: \SystemRoot\system32\DRIVERS\klim6.sys

Image name: klim6.sys

Timestamp: ***** Invalid (D15AC501)

CheckSum: 0002025E

ImageSize: 00015000

File version: 30.587.0.930

Product version: 30.587.0.930

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klim6

ProductVersion: 30.587.0.930-ef5965511c

FileVersion: 30.587.0.930

FileDescription: Packet Network Filter [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`83140000 fffff800`8315a000 vwififlt (deferred)

Image path: \SystemRoot\System32\drivers\vwififlt.sys

Image name: vwififlt.sys

Timestamp: Wed Jan 06 23:07:33 2010 (4B458835)

CheckSum: 0001814D

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83170000 fffff800`83212000 klgse (deferred)

Image path: \SystemRoot\system32\DRIVERS\klgse.sys

Image name: klgse.sys

Timestamp: Mon Feb 08 07:51:31 2021 (60215E03)

CheckSum: 000A7591

ImageSize: 000A2000

File version: 30.587.0.830

Product version: 30.587.0.830

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klgse

ProductVersion: 30.587.0.830-2713fb5b5d

FileVersion: 30.587.0.830

FileDescription: Security Extender [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`83220000 fffff800`83232000 klpd (deferred)

Image path: \SystemRoot\system32\DRIVERS\klpd.sys

Image name: klpd.sys

Timestamp: Mon Jan 25 08:51:07 2021 (600EF6FB)

CheckSum: 0001F6D9

ImageSize: 00012000

File version: 30.587.0.170

Product version: 30.587.0.170

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klpd

ProductVersion: 30.587.0.170-e30f0c58d6

FileVersion: 30.587.0.170

FileDescription: Format Recognizer [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

Page 20001f64b too large to be in the dump file.

fffff800`83240000 fffff800`8324a000 Null (deferred)

Image path: \SystemRoot\System32\Drivers\Null.SYS

Image name: Null.SYS

Page 20001f64b too large to be in the dump file.

Timestamp: unavailable (FFFFFFFE)

CheckSum: missing

ImageSize: 0000A000

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

Page 20001f64b too large to be in the dump file.

fffff800`83250000 fffff800`8325a000 Beep (deferred)

Image path: \SystemRoot\System32\Drivers\Beep.SYS

Image name: Beep.SYS

Timestamp: ***** Invalid (E4AC8238)

CheckSum: 00008685

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83260000 fffff800`8326d000 dwvkbd64 (deferred)

Image path: \SystemRoot\system32\DRIVERS\dwvkbd64.sys

Image name: dwvkbd64.sys

Timestamp: Wed Apr 11 13:22:37 2007 (461D519D)

CheckSum: 0000A755

ImageSize: 0000D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83270000 fffff800`832cc000 netbt (deferred)

Image path: \SystemRoot\System32\DRIVERS\netbt.sys

Image name: netbt.sys

Timestamp: ***** Invalid (8908830E)

CheckSum: 000553BD

ImageSize: 0005C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`832d0000 fffff800`832e3000 afunix (deferred)

Image path: \SystemRoot\system32\drivers\afunix.sys

Image name: afunix.sys

Timestamp: ***** Invalid (9501F0D8)

CheckSum: 00018987

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`832f0000 fffff800`83393000 afd (deferred)

Image path: \SystemRoot\system32\drivers\afd.sys

Image name: afd.sys

Timestamp: ***** Invalid (CC0C9B73)

CheckSum: 000A334A

ImageSize: 000A3000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`833a0000 fffff800`833eb000 klwtp (deferred)

Image path: \SystemRoot\system32\DRIVERS\klwtp.sys

Image name: klwtp.sys

Timestamp: ***** Invalid (F54B0C36)

CheckSum: 0005B951

ImageSize: 0004B000

File version: 30.587.0.590

Product version: 30.587.0.590

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klwtp

ProductVersion: 30.587.0.590-5f439758d8

FileVersion: 30.587.0.590

FileDescription: WFP Network Connection Filter Driver [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`83400000 fffff800`83412000 nsiproxy (deferred)

Image path: \SystemRoot\system32\drivers\nsiproxy.sys

Image name: nsiproxy.sys

Timestamp: ***** Invalid (E65AB811)

CheckSum: 0001515A

ImageSize: 00012000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83420000 fffff800`8342e000 npsvctrig (deferred)

Image path: \SystemRoot\System32\drivers\npsvctrig.sys

Image name: npsvctrig.sys

Timestamp: Sun Jan 05 18:41:12 2025 (677B42C8)

CheckSum: 000119D3

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83430000 fffff800`83440000 mssmbios (deferred)

Image path: \SystemRoot\System32\drivers\mssmbios.sys

Image name: mssmbios.sys

Timestamp: Thu Mar 17 08:26:02 2022 (6233611A)

CheckSum: 0000DD1D

ImageSize: 00010000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83450000 fffff800`83499000 kneps (deferred)

Image path: \SystemRoot\system32\DRIVERS\kneps.sys

Image name: kneps.sys

Timestamp: ***** Invalid (CEAE8F0E)

CheckSum: 00049AF2

ImageSize: 00049000

File version: 30.587.0.460

Product version: 30.587.0.460

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: kneps

ProductVersion: 30.587.0.460-f74872ca72

FileVersion: 30.587.0.460

FileDescription: Network Processor [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`834f0000 fffff800`834fa000 gpuenergydrv (deferred)

Image path: \SystemRoot\System32\drivers\gpuenergydrv.sys

Image name: gpuenergydrv.sys

Timestamp: ***** Invalid (F10C03D8)

CheckSum: 00009EA6

ImageSize: 0000A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83500000 fffff800`8352c000 dfsc (deferred)

Image path: \SystemRoot\System32\Drivers\dfsc.sys

Image name: dfsc.sys

Timestamp: ***** Invalid (F5D01020)

CheckSum: 00031317

ImageSize: 0002C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83530000 fffff800`83545000 tcpipreg (deferred)

Image path: \SystemRoot\System32\drivers\tcpipreg.sys

Image name: tcpipreg.sys

Timestamp: Fri May 11 20:43:31 1973 (0651E2F3)

CheckSum: 0001BF67

ImageSize: 00015000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83550000 fffff800`83567000 bam (deferred)

Image path: \SystemRoot\system32\drivers\bam.sys

Image name: bam.sys

Timestamp: Fri Mar 26 23:41:44 2010 (4BADB6B8)

CheckSum: 00019328

ImageSize: 00017000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83570000 fffff800`835be000 ahcache (deferred)

Image path: \SystemRoot\system32\DRIVERS\ahcache.sys

Image name: ahcache.sys

Timestamp: Tue Mar 26 11:33:15 2019 (5C9A7E7B)

CheckSum: 00052E71

ImageSize: 0004E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`835c0000 fffff800`835d4000 kbdclass (deferred)

Image path: \SystemRoot\System32\drivers\kbdclass.sys

Image name: kbdclass.sys

Timestamp: Mon Mar 25 01:20:10 1996 (3156654A)

CheckSum: 0001CE1A

ImageSize: 00014000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`835e0000 fffff800`835f2000 CompositeBus (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys

Image name: CompositeBus.sys

Timestamp: Wed Oct 28 00:32:02 2026 (6AE1B302)

CheckSum: 00015BD2

ImageSize: 00012000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83600000 fffff800`8360d000 kdnic (deferred)

Image path: \SystemRoot\System32\drivers\kdnic.sys

Image name: kdnic.sys

Timestamp: ***** Invalid (9401D3B8)

CheckSum: 000178DD

ImageSize: 0000D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83610000 fffff800`83625000 umbus (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys

Image name: umbus.sys

Timestamp: ***** Invalid (E7B4847E)

CheckSum: 0001394F

ImageSize: 00015000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83630000 fffff800`8375f000 dump_iaStorE (deferred)

Image path: \SystemRoot\System32\drivers\dump_iaStorE.sys

Image name: dump_iaStorE.sys

Timestamp: Mon Jan 13 13:05:06 2020 (5E1CDB82)

CheckSum: 00110008

ImageSize: 0012F000

File version: 6.3.0.1022

Product version: 6.3.0.1022

File flags: 8 (Mask 3F) Private

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Intel Corporation

ProductName: Intel Virtual RAID on CPUdriver

InternalName: iaStor.sys

OriginalFilename: iaStor.sys

ProductVersion: 6.3.0.1022

FileVersion: 6.3.0.1022

PrivateBuild: 6.3.0.1022

SpecialBuild: 6.3.0.1022

FileDescription: Intel Virtual RAID on CPUdriver - x64

LegalCopyright: Copyright(C) Intel Corporation 1994-2019

LegalTrademarks: Copyright(C) Intel Corporation 1994-2019

Comments: -x64

fffff800`83760000 fffff800`83841000 dxgmms2 (deferred)

Image path: \SystemRoot\System32\drivers\dxgmms2.sys

Image name: dxgmms2.sys

Timestamp: Thu Apr 09 16:03:45 1970 (00828561)

CheckSum: 000EB4C5

ImageSize: 000E1000

File version: 10.0.19041.508

Product version: 10.0.19041.508

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: dxgmms2.sys

OriginalFilename: dxgmms2.sys

ProductVersion: 10.0.19041.508

FileVersion: 10.0.19041.508 (WinBuild.160101.0800)

FileDescription: DirectX Graphics MMS

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`83850000 fffff800`83886000 wcifs (deferred)

Image path: \SystemRoot\system32\drivers\wcifs.sys

Image name: wcifs.sys

Timestamp: Sun Jan 31 18:32:49 2027 (6B5FEED1)

CheckSum: 0004091A

ImageSize: 00036000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83890000 fffff800`83910000 cldflt (deferred)

Image path: \SystemRoot\system32\drivers\cldflt.sys

Image name: cldflt.sys

Timestamp: Thu Mar 20 15:36:50 2003 (3E7A5092)

CheckSum: 0007EBD7

ImageSize: 00080000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83920000 fffff800`83947000 tsusbhub (deferred)

Image path: \SystemRoot\System32\drivers\tsusbhub.sys

Image name: tsusbhub.sys

Timestamp: Sun Dec 06 01:15:32 2020 (5FCCA134)

CheckSum: 0002CCCD

ImageSize: 00027000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83950000 fffff800`83977000 bindflt (deferred)

Image path: \SystemRoot\system32\drivers\bindflt.sys

Image name: bindflt.sys

Timestamp: ***** Invalid (E3483DD4)

CheckSum: 0002F4EE

ImageSize: 00027000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83980000 fffff800`839a5000 bowser (deferred)

Image path: \SystemRoot\system32\DRIVERS\bowser.sys

Image name: bowser.sys

Timestamp: ***** Invalid (EDAC6813)

CheckSum: 00024E4F

ImageSize: 00025000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`839b0000 fffff800`83a06000 msquic (deferred)

Image path: \SystemRoot\system32\drivers\msquic.sys

Image name: msquic.sys

Timestamp: ***** Invalid (DE688303)

CheckSum: 0005615F

ImageSize: 00056000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83a10000 fffff800`83aa3000 mrxsmb (deferred)

Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys

Image name: mrxsmb.sys

Timestamp: ***** Invalid (CDB159C0)

CheckSum: 0008D9C7

ImageSize: 00093000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83ab0000 fffff800`83af5000 mrxsmb20 (deferred)

Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys

Image name: mrxsmb20.sys

Timestamp: ***** Invalid (C5AEA72C)

CheckSum: 0004D662

ImageSize: 00045000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83b00000 fffff800`83b13000 condrv (deferred)

Image path: \SystemRoot\System32\drivers\condrv.sys

Image name: condrv.sys

Timestamp: ***** Invalid (B47B2254)

CheckSum: 0001B87D

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83b20000 fffff800`83b72000 srvnet (deferred)

Image path: \SystemRoot\System32\DRIVERS\srvnet.sys

Image name: srvnet.sys

Timestamp: Sat Aug 04 03:40:17 2001 (3B6BDF21)

CheckSum: 000539AC

ImageSize: 00052000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83b80000 fffff800`83c47000 srv2 (deferred)

Image path: \SystemRoot\System32\DRIVERS\srv2.sys

Image name: srv2.sys

Timestamp: ***** Invalid (EE8E2F4F)

CheckSum: 000C31D2

ImageSize: 000C7000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83c50000 fffff800`83c68000 lltdio (deferred)

Image path: \SystemRoot\system32\drivers\lltdio.sys

Image name: lltdio.sys

Timestamp: ***** Invalid (D4D91B57)

CheckSum: 00012B46

ImageSize: 00018000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83c70000 fffff800`83c8b000 rspndr (deferred)

Image path: \SystemRoot\system32\drivers\rspndr.sys

Image name: rspndr.sys

Timestamp: ***** Invalid (9E43BCCD)

CheckSum: 000194E8

ImageSize: 0001B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83c90000 fffff800`83cad000 wanarp (deferred)

Image path: \SystemRoot\System32\DRIVERS\wanarp.sys

Image name: wanarp.sys

Timestamp: Wed Dec 08 07:58:18 1976 (0D0C481A)

CheckSum: 0001B428

ImageSize: 0001D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83cb0000 fffff800`83cca000 mpsdrv (deferred)

Image path: \SystemRoot\System32\drivers\mpsdrv.sys

Image name: mpsdrv.sys

Timestamp: Thu Nov 03 06:07:36 1977 (0EBF3D28)

CheckSum: 00019727

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83cd0000 fffff800`83e56000 HTTP (deferred)

Image path: \SystemRoot\system32\drivers\HTTP.sys

Image name: HTTP.sys

Timestamp: Sat Aug 09 12:01:22 2003 (3F355312)

CheckSum: 0018B770

ImageSize: 00186000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83e60000 fffff800`83e6f000 ndistapi (deferred)

Image path: \SystemRoot\System32\DRIVERS\ndistapi.sys

Image name: ndistapi.sys

Timestamp: Mon Aug 10 20:11:42 1987 (211E997E)

CheckSum: 0001530C

ImageSize: 0000F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83e70000 fffff800`83e84000 mmcss (deferred)

Image path: \SystemRoot\system32\drivers\mmcss.sys

Image name: mmcss.sys

Timestamp: ***** Invalid (A1F3B590)

CheckSum: 000108D9

ImageSize: 00014000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83e90000 fffff800`83ee2000 mrxsmb10 (deferred)

Image path: \SystemRoot\system32\DRIVERS\mrxsmb10.sys

Image name: mrxsmb10.sys

Timestamp: ***** Invalid (ABA1F2CF)

CheckSum: 0005A30C

ImageSize: 00052000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83ef0000 fffff800`83f17000 Ndu (deferred)

Image path: \SystemRoot\system32\drivers\Ndu.sys

Image name: Ndu.sys

Timestamp: ***** Invalid (ABC6C894)

CheckSum: 000213E1

ImageSize: 00027000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83f20000 fffff800`83fb4000 srv (deferred)

Image path: \SystemRoot\System32\DRIVERS\srv.sys

Image name: srv.sys

Timestamp: Mon Mar 31 20:28:23 1997 (33408EE7)

CheckSum: 0006E57C

ImageSize: 00094000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`83fc0000 fffff800`84061000 Vid (deferred)

Image path: \SystemRoot\System32\drivers\Vid.sys

Image name: Vid.sys

Timestamp: ***** Invalid (D8B48452)

CheckSum: 000AB1EA

ImageSize: 000A1000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`84070000 fffff800`84091000 winhvr (deferred)

Image path: \SystemRoot\System32\drivers\winhvr.sys

Image name: winhvr.sys

Timestamp: ***** Invalid (C1F13DBD)

CheckSum: 0001EA8A

ImageSize: 00021000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`840a0000 fffff800`840b5000 klpnpflt (deferred)

Image path: \SystemRoot\system32\DRIVERS\klpnpflt.sys

Image name: klpnpflt.sys

Timestamp: Mon Jan 25 08:51:08 2021 (600EF6FC)

CheckSum: 0002062B

ImageSize: 00015000

File version: 30.587.0.170

Product version: 30.587.0.170

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klpnpflt

ProductVersion: 30.587.0.170-e30f0c58d6

FileVersion: 30.587.0.170

FileDescription: Generic PnP filter [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`840c0000 fffff800`840d7000 klfltdev (deferred)

Image path: \SystemRoot\system32\DRIVERS\klfltdev.sys

Image name: klfltdev.sys

Timestamp: Mon Jan 25 08:51:08 2021 (600EF6FC)

CheckSum: 00021681

ImageSize: 00017000

File version: 30.587.0.170

Product version: 30.587.0.170

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: AO Kaspersky Lab

ProductName: Coretech Delivery

InternalName: klfltdev

ProductVersion: 30.587.0.170-e30f0c58d6

FileVersion: 30.587.0.170

FileDescription: PnP Device Filter [fre_win7_x64]

LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.

LegalTrademarks: Registered trademarks and service marks are the property of their respective owners

fffff800`840e0000 fffff800`8415b000 rdbss (deferred)

Image path: \SystemRoot\system32\DRIVERS\rdbss.sys

Image name: rdbss.sys

Timestamp: Sat Jul 10 02:51:55 2010 (4C3850CB)

CheckSum: 0007E4B9

ImageSize: 0007B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`84160000 fffff800`841f4000 csc (deferred)

Image path: \SystemRoot\system32\drivers\csc.sys

Image name: csc.sys

Timestamp: Thu Sep 22 14:17:30 1994 (2E82027A)

CheckSum: 00091932

ImageSize: 00094000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85400000 fffff800`85444000 ucx01000 (deferred)

Image path: \SystemRoot\system32\drivers\ucx01000.sys

Image name: ucx01000.sys

Timestamp: Wed Mar 07 16:31:05 1979 (11447CC9)

CheckSum: 0004DFDA

ImageSize: 00044000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85450000 fffff800`85484000 TeeDriverW8x64 (deferred)

Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys

Image name: TeeDriverW8x64.sys

Timestamp: Sun Nov 19 03:39:59 2017 (5A116D8F)

CheckSum: 0003F054

ImageSize: 00034000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85490000 fffff800`85526000 e1d68x64 (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_26255692c8b1c6b6\e1d68x64.sys

Image name: e1d68x64.sys

Timestamp: Tue Sep 29 07:11:02 2020 (5F734E86)

CheckSum: 00099A08

ImageSize: 00096000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85530000 fffff800`8554a000 usbehci (deferred)

Image path: \SystemRoot\System32\drivers\usbehci.sys

Image name: usbehci.sys

Timestamp: Mon Jan 08 08:10:05 1979 (10F7905D)

CheckSum: 000239DC

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85550000 fffff800`855c9000 USBPORT (deferred)

Image path: \SystemRoot\System32\drivers\USBPORT.SYS

Image name: USBPORT.SYS

Timestamp: Sat Nov 03 06:27:44 2029 (708EDB60)

CheckSum: 0007822B

ImageSize: 00079000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`855d0000 fffff800`855f1000 i8042prt (deferred)

Image path: \SystemRoot\System32\drivers\i8042prt.sys

Image name: i8042prt.sys

Timestamp: Wed Apr 03 23:16:01 2013 (515D28B1)

CheckSum: 00022B0C

ImageSize: 00021000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85600000 fffff800`8561c000 serial (deferred)

Image path: \SystemRoot\System32\drivers\serial.sys

Image name: serial.sys

Timestamp: Wed Apr 19 02:23:01 2017 (58F73A85)

CheckSum: 0001B585

ImageSize: 0001C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85620000 fffff800`8562f000 serenum (deferred)

Image path: \SystemRoot\System32\drivers\serenum.sys

Image name: serenum.sys

Timestamp: ***** Invalid (A5178D42)

CheckSum: 00009616

ImageSize: 0000F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85630000 fffff800`8563c000 wmiacpi (deferred)

Image path: \SystemRoot\System32\drivers\wmiacpi.sys

Image name: wmiacpi.sys

Timestamp: Wed Aug 19 05:20:44 2009 (4A8BFC2C)

CheckSum: 0000CC2F

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85640000 fffff800`85680000 intelppm (deferred)

Image path: \SystemRoot\System32\drivers\intelppm.sys

Image name: intelppm.sys

Timestamp: Tue Jun 14 02:18:00 2016 (575FD9D8)

CheckSum: 00047AB7

ImageSize: 00040000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85690000 fffff800`856a0000 XtuAcpiDriver (deferred)

Image path: \SystemRoot\System32\drivers\XtuAcpiDriver.sys

Image name: XtuAcpiDriver.sys

Timestamp: Thu Mar 05 16:20:30 2020 (5E61974E)

CheckSum: 0001DB9D

ImageSize: 00010000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`856b0000 fffff800`856bd000 NdisVirtualBus (deferred)

Image path: \SystemRoot\System32\drivers\NdisVirtualBus.sys

Image name: NdisVirtualBus.sys

Timestamp: ***** Invalid (A7AE93D1)

CheckSum: 00014F1D

ImageSize: 0000D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`856c0000 fffff800`856cc000 swenum (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys

Image name: swenum.sys

Timestamp: ***** Invalid (E117266B)

CheckSum: 000082C9

ImageSize: 0000C000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`856d0000 fffff800`856de000 rdpbus (deferred)

Image path: \SystemRoot\System32\drivers\rdpbus.sys

Image name: rdpbus.sys

Timestamp: ***** Invalid (84DFD52A)

CheckSum: 000106CE

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`856e0000 fffff800`85765000 usbhub (deferred)

Image path: \SystemRoot\System32\drivers\usbhub.sys

Image name: usbhub.sys

Timestamp: Mon Apr 24 01:59:16 2017 (58FDCC74)

CheckSum: 00084516

ImageSize: 00085000

File version: 10.0.19041.1

Product version: 10.0.19041.1

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: usbhub.sys

OriginalFilename: usbhub.sys

ProductVersion: 10.0.19041.1

FileVersion: 10.0.19041.1 (WinBuild.160101.0800)

FileDescription: Default Hub Driver for USB

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`85770000 fffff800`8577e000 USBD (deferred)

Image path: \SystemRoot\System32\drivers\USBD.SYS

Image name: USBD.SYS

Timestamp: Wed Feb 02 14:47:35 2033 (76AC3507)

CheckSum: 0000FFB7

ImageSize: 0000E000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85780000 fffff800`857b8000 nvhda64v (deferred)

Image path: \SystemRoot\system32\drivers\nvhda64v.sys

Image name: nvhda64v.sys

Timestamp: Tue Jun 09 10:01:25 2020 (5EDFCE75)

CheckSum: 0003B8F0

ImageSize: 00038000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`857c0000 fffff800`857cf000 ksthunk (deferred)

Image path: \SystemRoot\system32\drivers\ksthunk.sys

Image name: ksthunk.sys

Timestamp: Thu Apr 25 06:23:02 1991 (2816E646)

CheckSum: 00007961

ImageSize: 0000F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`857d0000 fffff800`85873000 UsbHub3 (deferred)

Image path: \SystemRoot\System32\drivers\UsbHub3.sys

Image name: UsbHub3.sys

Timestamp: ***** Invalid (FDA30E83)

CheckSum: 000AC346

ImageSize: 000A3000

File version: 10.0.19041.264

Product version: 10.0.19041.264

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: usbhub3.sys

OriginalFilename: usbhub3.sys

ProductVersion: 10.0.19041.264

FileVersion: 10.0.19041.264 (WinBuild.160101.0800)

FileDescription: USB3 HUB Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`85880000 fffff800`85e5e000 RTKVHD64 (deferred)

Image path: \SystemRoot\system32\drivers\RTKVHD64.sys

Image name: RTKVHD64.sys

Timestamp: Thu Sep 24 02:20:38 2020 (5F6C72F6)

CheckSum: 005EDBA6

ImageSize: 005DE000

File version: 6.0.9035.1

Product version: 6.0.9035.1

File flags: 8 (Mask 3F) Private

File OS: 40004 NT Win32

File type: 3.9 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Realtek Semiconductor Corp.

ProductName: Realtek(r) High Definition Audio Function Driver

InternalName: RTKVHD64.sys 9035

OriginalFilename: RTKVHD64.sys

ProductVersion: 6.0.9035.1

FileVersion: 6.0.9035.1 built by: WinDDK

FileDescription: Realtek(r) High Definition Audio Function Driver

LegalCopyright: Copyright (c) Realtek Semiconductor Corp.1998-2013

fffff800`85e60000 fffff800`85e78000 mslldp (deferred)

Image path: \SystemRoot\system32\drivers\mslldp.sys

Image name: mslldp.sys

Timestamp: Wed Aug 07 19:50:12 2030 (71FCC6F4)

CheckSum: 00016923

ImageSize: 00018000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85e80000 fffff800`85e92000 hidusb (deferred)

Image path: \SystemRoot\System32\drivers\hidusb.sys

Image name: hidusb.sys

Timestamp: ***** Invalid (A66785A7)

CheckSum: 000170ED

ImageSize: 00012000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85ea0000 fffff800`85edf000 HIDCLASS (deferred)

Image path: \SystemRoot\System32\drivers\HIDCLASS.SYS

Image name: HIDCLASS.SYS

Timestamp: ***** Invalid (A07210A7)

CheckSum: 0003DA22

ImageSize: 0003F000

File version: 10.0.19041.1

Product version: 10.0.19041.1

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 2.0 Dll

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: hidclass.sys

OriginalFilename: hidclass.sys

ProductVersion: 10.0.19041.1

FileVersion: 10.0.19041.1 (WinBuild.160101.0800)

FileDescription: Hid Class Library

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`85ee0000 fffff800`85ef3000 HIDPARSE (deferred)

Image path: \SystemRoot\System32\drivers\HIDPARSE.SYS

Image name: HIDPARSE.SYS

Timestamp: Wed Aug 27 17:20:06 1997 (3404D246)

CheckSum: 00016359

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85f00000 fffff800`85f10000 mouhid (deferred)

Image path: \SystemRoot\System32\drivers\mouhid.sys

Image name: mouhid.sys

Timestamp: ***** Invalid (E502FBD9)

CheckSum: 000173E5

ImageSize: 00010000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85f20000 fffff800`85f33000 mouclass (deferred)

Image path: \SystemRoot\System32\drivers\mouclass.sys

Image name: mouclass.sys

Timestamp: Tue Jan 07 02:19:56 2003 (3E1AA9CC)

CheckSum: 00019679

ImageSize: 00013000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`85f50000 fffff800`85f5e000 dump_diskdump (deferred)

Image path: \SystemRoot\System32\Drivers\dump_diskdump.sys

Image name: dump_diskdump.sys

Timestamp: ***** Invalid (95F39C8A)

CheckSum: 0000B16B

ImageSize: 0000E000

File version: 10.0.19041.1

Product version: 10.0.19041.1

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: diskdump.sys

OriginalFilename: diskdump.sys

ProductVersion: 10.0.19041.1

FileVersion: 10.0.19041.1 (WinBuild.160101.0800)

FileDescription: Crash Dump Disk Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`860b0000 fffff800`860cd000 dump_dumpfve (deferred)

Image path: \SystemRoot\System32\Drivers\dump_dumpfve.sys

Image name: dump_dumpfve.sys

Timestamp: Thu Oct 05 10:32:17 2023 (651F0131)

CheckSum: 00022E48

ImageSize: 0001D000

File version: 10.0.19041.1

Product version: 10.0.19041.1

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0000.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: dumpfve.sys

OriginalFilename: dumpfve.sys

ProductVersion: 10.0.19041.1

FileVersion: 10.0.19041.1 (WinBuild.160101.0800)

FileDescription: Bitlocker Drive Encryption Crashdump Filter

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`860d0000 fffff800`860eb000 monitor (deferred)

Image path: \SystemRoot\System32\drivers\monitor.sys

Image name: monitor.sys

Timestamp: Wed May 01 10:30:47 1985 (1CD682D7)

CheckSum: 0001751B

ImageSize: 0001B000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`860f0000 fffff800`860fd000 rdpvideominiport (deferred)

Image path: \SystemRoot\System32\drivers\rdpvideominiport.sys

Image name: rdpvideominiport.sys

Timestamp: Sun Jul 12 11:13:17 1981 (15AF594D)

CheckSum: 00015381

ImageSize: 0000D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`86100000 fffff800`8612f000 rdpdr (deferred)

Image path: \SystemRoot\System32\drivers\rdpdr.sys

Image name: rdpdr.sys

Timestamp: ***** Invalid (9EEF34DA)

CheckSum: 0002BAD1

ImageSize: 0002F000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`86130000 fffff800`86159000 luafv (deferred)

Image path: \SystemRoot\system32\drivers\luafv.sys

Image name: luafv.sys

Timestamp: Sat Jan 23 18:15:51 2016 (56A433D7)

CheckSum: 00030A3A

ImageSize: 00029000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`86160000 fffff800`8726d000 nvlddmkm (deferred)

Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys

Image name: nvlddmkm.sys

Timestamp: Fri Mar 23 15:02:22 2018 (5AB5877E)

CheckSum: 010C6B80

ImageSize: 0110D000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`87270000 fffff800`87295000 HDAudBus (deferred)

Image path: \SystemRoot\System32\drivers\HDAudBus.sys

Image name: HDAudBus.sys

Timestamp: Wed Nov 17 21:08:44 2021 (6195DFDC)

CheckSum: 000268EC

ImageSize: 00025000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`872a0000 fffff800`87306000 portcls (deferred)

Image path: \SystemRoot\System32\drivers\portcls.sys

Image name: portcls.sys

Timestamp: Mon Dec 23 15:28:58 2002 (3E079C3A)

CheckSum: 0006B23D

ImageSize: 00066000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`87310000 fffff800`87331000 drmk (deferred)

Image path: \SystemRoot\System32\drivers\drmk.sys

Image name: drmk.sys

Timestamp: ***** Invalid (92B1AC47)

CheckSum: 0001A51A

ImageSize: 00021000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

fffff800`87340000 fffff800`873d8000 USBXHCI (deferred)

Image path: \SystemRoot\System32\drivers\USBXHCI.SYS

Image name: USBXHCI.SYS

Timestamp: Sun Aug 07 06:37:42 1994 (2E44F1B6)

CheckSum: 0009CD76

ImageSize: 00098000

File version: 10.0.19041.488

Product version: 10.0.19041.488

File flags: 0 (Mask 3F)

File OS: 40004 NT Win32

File type: 3.7 Driver

File date: 00000000.00000000

Translations: 0409.04b0

CompanyName: Microsoft Corporation

ProductName: Microsoft® Windows® Operating System

InternalName: usbxhci.sys

OriginalFilename: usbxhci.sys

ProductVersion: 10.0.19041.488

FileVersion: 10.0.19041.488 (WinBuild.160101.0800)

FileDescription: USB XHCI Driver

LegalCopyright: © Microsoft Corporation. All rights reserved.

fffff800`873e0000 fffff800`873fa000 storqosflt (deferred)

Image path: \SystemRoot\system32\drivers\storqosflt.sys

Image name: storqosflt.sys

Timestamp: Mon Apr 09 10:08:30 2007 (461A811E)

CheckSum: 00025AFB

ImageSize: 0001A000

Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

Unloaded modules:

fffff800`834a0000 fffff800`834e2000 klids.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00042000

fffff800`82ac0000 fffff800`82add000 raspppoe.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0001D000

fffff800`82a90000 fffff800`82ab2000 raspptp.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00022000

fffff800`82a60000 fffff800`82a82000 rasl2tp.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00022000

fffff800`83160000 fffff800`8316e000 WSDPrint.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000E000

fffff800`7eb70000 fffff800`7eb7f000 WpdUpFltr.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000F000

fffff800`7eb10000 fffff800`7eb65000 WUDFRd.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00055000

fffff800`7eb80000 fffff800`7eb9d000 EhStorClass.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0001D000

fffff800`7f280000 fffff800`7f29d000 EhStorClass.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0001D000

fffff800`82550000 fffff800`82569000 uaspstor.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00019000

fffff800`7ed60000 fffff800`7ed7d000 EhStorClass.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0001D000

fffff800`834a0000 fffff800`834e2000 klids.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00042000

fffff800`83e60000 fffff800`83e6d000 csvol.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000D000

fffff800`82a70000 fffff800`82a7f000 dump_storport.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000F000

fffff800`82400000 fffff800`82530000 dump_iaStorE.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00130000

fffff800`82550000 fffff800`8256e000 dump_dumpfve.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0001E000

fffff800`85e60000 fffff800`85e79000 uaspstor.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00019000

fffff800`812c0000 fffff800`812dd000 EhStorClass.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0001D000

fffff800`83530000 fffff800`8354c000 dam.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0001C000

fffff800`80c50000 fffff800`80c5f000 klelam.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 0000F000

fffff800`81eb0000 fffff800`81ec1000 hwpolicy.sys

Timestamp: unavailable (00000000)

Checksum: 00000000

ImageSize: 00011000

6: kd> q

quit:

Author

Title

Language

Your paste - Paste your paste here

Opened log file 'E:\Windows\msdart_crashanalyzer_kd_ansi.log'

Loading Dump File [E:\Windows\MEMORY.DMP]
Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff800`7be00000 PsLoadedModuleList = 0xfffff800`7ca2a310
Debug session time: Mon Sep 20 03:12:30.931 2021 (UTC - 8:00)
System Uptime: 0 days 6:10:01.548
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntkrnlmp.exe - 
Loading Kernel Symbols
...............................................................
.................Page 20001f64b too large to be in the dump file.
...............................................
................................................................
......
Loading User Symbols

Loading unloaded module list
.....................

************* Symbol Loading Error Summary **************
Module name            Error
ntkrnlmp               The system cannot find the file specified

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
No .natvis files found at X:\windows\system32\DebugTools\Visualizers.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck BE, {ffff900035b3a334, 8a00000005300021, ffffdc82017c6550, a}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!KPRCB                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPCR                                      ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KTHREAD                                   ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_KPRCB                                     ***
***                                                                   ***
*************************************************************************
Probably caused by : ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!A371A2E91046000 )

Followup:     MachineOwner
---------

6: kd&gt; .logclose
Closing open log file E:\Windows\msdart_crashanalyzer_kd_ansi.log
Opened log file 'E:\Windows\msdart_crashanalyzer_kd_unicode.log'
6: kd&gt; !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
An attempt was made to write to readonly memory.  The guilty driver is on the
stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: ffff900035b3a334, Virtual address for the attempted write.
Arg2: 8a00000005300021, PTE contents.
Arg3: ffffdc82017c6550, (reserved)
Arg4: 000000000000000a, (reserved)

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

SYSTEM_SKU:  To be filled by O.E.M.

SYSTEM_VERSION:  To be filled by O.E.M.

BIOS_DATE:  03/18/2014

BASEBOARD_PRODUCT:  Z87X-UD3H-CF

BASEBOARD_VERSION:  x.x

ADDITIONAL_DEBUG_TEXT:

You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

WRONG_SYMBOLS_TIMESTAMP: a371a2e9

WRONG_SYMBOLS_SIZE: 1046000

FAULTING_MODULE: fffff8007be00000 nt

DEBUG_FLR_IMAGE_TIMESTAMP:  a371a2e9

BUGCHECK_P1: ffff900035b3a334

BUGCHECK_P2: 8a00000005300021

BUGCHECK_P3: ffffdc82017c6550

BUGCHECK_P4: a

CPU_COUNT: 8

CPU_MHZ: d48

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CURRENT_IRQL:  0

ANALYSIS_VERSION: 10.0.10240.9 amd64fre

LAST_CONTROL_TRANSFER:  from fffff8007c22f11a to fffff8007c1f3ea0

STACK_TEXT:  
ffffdc82`017c6358 fffff800`7c22f11a : 00000000`000000be ffff9000`35b3a334 8a000000`05300021 ffffdc82`017c6550 : nt!KeBugCheckEx
ffffdc82`017c6360 fffff800`7c0eec6f : 8a000000`05300021 00000000`00000003 ffffdc82`017c65d0 00000000`00000000 : nt!memset+0x2809a
ffffdc82`017c63b0 fffff800`7c20205e : ffff9000`018cda70 fffff800`7c125b72 ffff9000`018cda70 00000000`00000000 : nt!SeAccessCheckWithHint+0x37ff
ffffdc82`017c6550 fffff800`7c0f9d81 : 000000fa`00000040 ffffa307`e840ed00 ffffa307`efb15740 fffff800`7ca51bf0 : nt!setjmpex+0x446e
ffffdc82`017c66e0 fffff800`7c1285ba : 00000000`00067b60 00000000`00000000 00000000`001fd9ba ffff9000`05f8d2e0 : nt!SeAccessCheckWithHint+0xe911
ffffdc82`017c6770 fffff800`7c111095 : 00000000`00000000 00000000`00000000 00000000`00000011 80000001`00000001 : nt!RtlAvlRemoveNode+0x3e3a
ffffdc82`017c67f0 fffff800`7c151f8e : ffffa307`f2a8e850 ffffdc82`017c6918 00000000`00000000 00000000`00000000 : nt!IoGetBaseFileSystemDeviceObject+0x1345
ffffdc82`017c68b0 fffff800`7c4e793e : 00000000`00088089 00000000`00000000 fffff800`7ca50b80 00000000`00088089 : nt!IoApplyPriorityInfoThread+0x42e
ffffdc82`017c6910 fffff800`7c17ad04 : ffffa307`00000001 ffffa307`efb15740 00000000`00000000 00000000`00000000 : nt!CcUnpinData+0x92e
ffffdc82`017c6960 fffff800`7c322f8d : 00000000`00000001 00000000`00000000 ffffdc82`017c69e0 ffffdc82`017c69e8 : nt!ExRegisterCallback+0x1e4
ffffdc82`017c6990 fffff800`7c2a793b : 00000000`00000000 ffffa307`efb15740 fffff800`7ca51228 fffff800`7ca51290 : nt!KeStallWhileFrozen+0xb29d
ffffdc82`017c69e0 fffff800`7c066dd5 : ffffa307`dafa1040 ffffa307`dafa1040 00000000`00000080 fffff800`7c1b8670 : nt!memset+0xa08bb
ffffdc82`017c6c10 fffff800`7c1fb4f8 : ffffca80`8f1d2180 ffffa307`dafa1040 fffff800`7c066d80 00000000`00000000 : nt!RtlEndEnumerationHashTable+0x905
ffffdc82`017c6c60 00000000`00000000 : ffffdc82`017c7000 ffffdc82`017c1000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x6438

STACK_COMMAND:  kb

FOLLOWUP_IP: 
nt!SeAccessCheckWithHint+37ff
fffff800`7c0eec6f e90ffeffff      jmp     nt!SeAccessCheckWithHint+0x3613 (fffff800`7c0eea83)

SYMBOL_STACK_INDEX:  2

FOLLOWUP_NAME:  MachineOwner

BUGCHECK_STR:  A371A2E9

EXCEPTION_CODE: (HRESULT) 0xa371a2e9 (2742133481) - &lt;Unable to get error code text&gt;

FAILURE_EXCEPTION_CODE:  A371A2E9

EXCEPTION_STR:  WRONG_SYMBOLS

IMAGE_NAME:  ntoskrnl.wrong.symbols.exe

MODULE_NAME: nt_wrong_symbols

SYMBOL_NAME:  nt_wrong_symbols!A371A2E91046000

BUCKET_ID:  WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441

PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441_A371A2E9_nt_wrong_symbols!A371A2E91046000

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:wrong_symbols_x64_19041.1.amd64fre.vb_release.191206-1406_timestamp_561122-154441_a371a2e9_nt_wrong_symbols!a371a2e91046000

FAILURE_ID_HASH:  {e49aa84d-2ad1-9204-635d-8eb9b164a458}

Followup:     MachineOwner
---------

6: kd&gt; !thread
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing &quot;.symopt- 100&quot;. Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_ETHREAD                                   ***
***                                                                   ***
*************************************************************************
ffffa307dafa1040: Unable to get thread contents
6: kd&gt; lm kv
start             end                 module name
ffff944c`38a60000 ffff944c`38afa000   win32k     (deferred)             
    Image path: \SystemRoot\System32\win32k.sys
    Image name: win32k.sys
    Timestamp:        ***** Invalid (E87370BB)
    CheckSum:         0009C34C
    ImageSize:        0009A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
ffff944c`38cc0000 ffff944c`38fa2000   win32kbase   (deferred)             
    Image path: \SystemRoot\System32\win32kbase.sys
    Image name: win32kbase.sys
    Timestamp:        ***** Invalid (883B3E7C)
    CheckSum:         002DB69F
    ImageSize:        002E2000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
ffff944c`39000000 ffff944c`39048000   cdd        (deferred)             
    Image path: \SystemRoot\System32\cdd.dll
    Image name: cdd.dll
    Timestamp:        Mon Jan 22 05:06:28 1996 (31038BD4)
    CheckSum:         0004D704
    ImageSize:        00048000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
ffff944c`39c10000 ffff944c`39fc6000   win32kfull   (deferred)             
    Image path: \SystemRoot\System32\win32kfull.sys
    Image name: win32kfull.sys
    Timestamp:        ***** Invalid (EBAA7588)
    CheckSum:         003A7C43
    ImageSize:        003B6000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7ac10000 fffff800`7ae9f000   mcupdate_GenuineIntel   (deferred)             
    Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll
    Image name: mcupdate_GenuineIntel.dll
    Timestamp:        ***** Invalid (9FB1DE46)
    CheckSum:         0028C60B
    ImageSize:        0028F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7aea0000 fffff800`7aea6000   hal        (deferred)             
    Image path: hal.dll
    Image name: hal.dll
    Timestamp:        Mon Jan 30 08:29:29 1984 (1A7BE8E9)
    CheckSum:         0000CE9F
    ImageSize:        00006000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7aeb0000 fffff800`7aebb000   kd         (deferred)             
    Image path: \SystemRoot\system32\kd.dll
    Image name: kd.dll
    Timestamp:        ***** Invalid (FE185FA8)
    CheckSum:         00004EF6
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7aec0000 fffff800`7aee7000   tm         (deferred)             
    Image path: \SystemRoot\System32\drivers\tm.sys
    Image name: tm.sys
    Timestamp:        Thu Nov 24 15:38:59 2011 (4ECED593)
    CheckSum:         00029C42
    ImageSize:        00027000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7aef0000 fffff800`7af59000   CLFS       (deferred)             
    Image path: \SystemRoot\System32\drivers\CLFS.SYS
    Image name: CLFS.SYS
    Timestamp:        Fri Dec 30 13:11:01 2005 (43B5A265)
    CheckSum:         0006BD72
    ImageSize:        00069000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7af60000 fffff800`7af7a000   PSHED      (deferred)             
    Image path: \SystemRoot\system32\PSHED.dll
    Image name: PSHED.dll
    Timestamp:        Sun Aug 01 12:44:09 2010 (4C55DC99)
    CheckSum:         000201A9
    ImageSize:        0001A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7af80000 fffff800`7af8b000   BOOTVID    (deferred)             
    Image path: \SystemRoot\system32\BOOTVID.dll
    Image name: BOOTVID.dll
    Timestamp:        ***** Invalid (D13EE5B6)
    CheckSum:         00013A3C
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7af90000 fffff800`7afff000   FLTMGR     (deferred)             
    Image path: \SystemRoot\System32\drivers\FLTMGR.SYS
    Image name: FLTMGR.SYS
    Timestamp:        Mon May 03 20:30:30 1971 (02839B66)
    CheckSum:         00072E12
    ImageSize:        0006F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7b000000 fffff800`7b00e000   cmimcext   (deferred)             
    Image path: \SystemRoot\System32\drivers\cmimcext.sys
    Image name: cmimcext.sys
    Timestamp:        ***** Invalid (94809681)
    CheckSum:         00010F8E
    ImageSize:        0000E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7be00000 fffff800`7ce46000   nt         (export symbols)       ntkrnlmp.exe
    Loaded symbol image file: ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Timestamp:        ***** Invalid (A371A2E9)
    CheckSum:         00A611D3
    ImageSize:        01046000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`7eba0000 fffff800`7ebeb000   klupd_KLIF_klark   (deferred)             
    Image path: \SystemRoot\System32\Drivers\klupd_KLIF_klark.sys
    Image name: klupd_KLIF_klark.sys
    Timestamp:        Wed Mar 24 02:58:59 2021 (605B1B73)
    CheckSum:         00054599
    ImageSize:        0004B000
    File version:     4.7.3.0
    Product version:  4.7.3.0
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Kaspersky Bases
    InternalName:     klark
    OriginalFilename: klark.sys
    ProductVersion:   4.7.3.0
    FileVersion:      4.7.3.0
    FileDescription:  Kaspersky Lab Anti-Rootkit
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`80600000 fffff800`80713000   clipsp     (deferred)             
    Image path: \SystemRoot\System32\drivers\clipsp.sys
    Image name: clipsp.sys
    Timestamp:        Tue Sep 01 15:19:42 2020 (5F4ED70E)
    CheckSum:         0011953D
    ImageSize:        00113000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80720000 fffff800`80749000   ksecdd     (deferred)             
    Image path: \SystemRoot\System32\drivers\ksecdd.sys
    Image name: ksecdd.sys
    Timestamp:        Fri Sep 25 14:37:08 2020 (5F6E7114)
    CheckSum:         0002AB02
    ImageSize:        00029000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80750000 fffff800`807b2000   msrpc      (deferred)             
    Image path: \SystemRoot\System32\drivers\msrpc.sys
    Image name: msrpc.sys
    Timestamp:        ***** Invalid (BD46698A)
    CheckSum:         00062C96
    ImageSize:        00062000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`807c0000 fffff800`807d1000   werkernel   (deferred)             
    Image path: \SystemRoot\System32\drivers\werkernel.sys
    Image name: werkernel.sys
    Timestamp:        Wed Oct 17 15:21:51 1984 (1BD4610F)
    CheckSum:         0000F1D5
    ImageSize:        00011000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`807e0000 fffff800`807ec000   ntosext    (deferred)             
    Image path: \SystemRoot\System32\drivers\ntosext.sys
    Image name: ntosext.sys
    Timestamp:        Sun Jul 14 21:39:43 2030 (71DD3C9F)
    CheckSum:         00009677
    ImageSize:        0000C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`807f0000 fffff800`808d3000   CI         (deferred)             
    Image path: \SystemRoot\system32\CI.dll
    Image name: CI.dll
    Timestamp:        ***** Invalid (8BECF5E0)
    CheckSum:         000E72BB
    ImageSize:        000E3000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`808e0000 fffff800`80997000   cng        (deferred)             
    Image path: \SystemRoot\System32\drivers\cng.sys
    Image name: cng.sys
    Timestamp:        Tue May 30 08:27:56 1989 (2482C10C)
    CheckSum:         000B7883
    ImageSize:        000B7000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`809a0000 fffff800`80a71000   Wdf01000   (deferred)             
    Image path: \SystemRoot\system32\drivers\Wdf01000.sys
    Image name: Wdf01000.sys
    Timestamp:        ***** Invalid (A9A9D36E)
    CheckSum:         000D3980
    ImageSize:        000D1000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80a80000 fffff800`80a93000   WDFLDR     (deferred)             
    Image path: \SystemRoot\system32\drivers\WDFLDR.SYS
    Image name: WDFLDR.SYS
    Timestamp:        ***** Invalid (977C0BBB)
    CheckSum:         00013DC3
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80aa0000 fffff800`80aaf000   SleepStudyHelper   (deferred)             
    Image path: \SystemRoot\system32\drivers\SleepStudyHelper.sys
    Image name: SleepStudyHelper.sys
    Timestamp:        Thu May 23 08:28:59 2024 (664F6ECB)
    CheckSum:         0000FC58
    ImageSize:        0000F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80ab0000 fffff800`80ac1000   WppRecorder   (deferred)             
    Image path: \SystemRoot\system32\drivers\WppRecorder.sys
    Image name: WppRecorder.sys
    Timestamp:        Fri Mar 06 01:14:40 1981 (15060D00)
    CheckSum:         0001415E
    ImageSize:        00011000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80ad0000 fffff800`80af6000   acpiex     (deferred)             
    Image path: \SystemRoot\System32\Drivers\acpiex.sys
    Image name: acpiex.sys
    Timestamp:        ***** Invalid (C8D60B44)
    CheckSum:         000302D2
    ImageSize:        00026000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80b00000 fffff800`80b4b000   mssecflt   (deferred)             
    Image path: \SystemRoot\system32\drivers\mssecflt.sys
    Image name: mssecflt.sys
    Timestamp:        ***** Invalid (A0E0786E)
    CheckSum:         0004FC86
    ImageSize:        0004B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80b50000 fffff800`80b6a000   SgrmAgent   (deferred)             
    Image path: \SystemRoot\system32\drivers\SgrmAgent.sys
    Image name: SgrmAgent.sys
    Timestamp:        ***** Invalid (A6474774)
    CheckSum:         0001E4FC
    ImageSize:        0001A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80b70000 fffff800`80c3c000   ACPI       (deferred)             
    Image path: \SystemRoot\System32\drivers\ACPI.sys
    Image name: ACPI.sys
    Timestamp:        Thu Feb 10 11:30:37 1994 (2D5A8B5D)
    CheckSum:         000D341C
    ImageSize:        000CC000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80c40000 fffff800`80c4c000   WMILIB     (deferred)             
    Image path: \SystemRoot\System32\drivers\WMILIB.SYS
    Image name: WMILIB.SYS
    Timestamp:        ***** Invalid (CD518505)
    CheckSum:         00009CB9
    ImageSize:        0000C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80c60000 fffff800`80ccb000   intelpep   (deferred)             
    Image path: \SystemRoot\System32\drivers\intelpep.sys
    Image name: intelpep.sys
    Timestamp:        ***** Invalid (81D95014)
    CheckSum:         0007468F
    ImageSize:        0006B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80cd0000 fffff800`80ce7000   WindowsTrustedRT   (deferred)             
    Image path: \SystemRoot\system32\drivers\WindowsTrustedRT.sys
    Image name: WindowsTrustedRT.sys
    Timestamp:        Sat May 19 00:53:30 2035 (7AF9978A)
    CheckSum:         0001BFFA
    ImageSize:        00017000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80cf0000 fffff800`80cfb000   IntelTA    (deferred)             
    Image path: \SystemRoot\System32\drivers\IntelTA.sys
    Image name: IntelTA.sys
    Timestamp:        ***** Invalid (AFECFEC8)
    CheckSum:         00008349
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80d00000 fffff800`80d0b000   WindowsTrustedRTProxy   (deferred)             
    Image path: \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
    Image name: WindowsTrustedRTProxy.sys
    Timestamp:        ***** Invalid (AA5F5790)
    CheckSum:         00007869
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80d10000 fffff800`80d24000   pcw        (deferred)             
    Image path: \SystemRoot\System32\drivers\pcw.sys
    Image name: pcw.sys
    Timestamp:        ***** Invalid (D212A83E)
    CheckSum:         000163F7
    ImageSize:        00014000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80d30000 fffff800`80d70000   klupd_klif_arkmon   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klupd_klif_arkmon.sys
    Image name: klupd_klif_arkmon.sys
    Timestamp:        Wed Mar 24 02:36:11 2021 (605B161B)
    CheckSum:         00043547
    ImageSize:        00040000
    File version:     2.7.4.0
    Product version:  2.7.4.0
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Kaspersky Bases
    InternalName:     arkmon
    OriginalFilename: arkmon.sys
    ProductVersion:   2.7.4.0
    FileVersion:      2.7.4.0
    FileDescription:  Kaspersky Lab Anti-Rootkit Monitor Driver
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`80d80000 fffff800`80d8b000   msisadrv   (deferred)             
    Image path: \SystemRoot\System32\drivers\msisadrv.sys
    Image name: msisadrv.sys
    Timestamp:        ***** Invalid (D84D625E)
    CheckSum:         0000B688
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80d90000 fffff800`80da5000   vdrvroot   (deferred)             
    Image path: \SystemRoot\System32\drivers\vdrvroot.sys
    Image name: vdrvroot.sys
    Timestamp:        ***** Invalid (E613EBA7)
    CheckSum:         000184EC
    ImageSize:        00015000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80db0000 fffff800`80ddf000   pdc        (deferred)             
    Image path: \SystemRoot\system32\drivers\pdc.sys
    Image name: pdc.sys
    Timestamp:        Sat May 26 23:23:12 1984 (1B16F9E0)
    CheckSum:         000324F1
    ImageSize:        0002F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80de0000 fffff800`80df9000   CEA        (deferred)             
    Image path: \SystemRoot\system32\drivers\CEA.sys
    Image name: CEA.sys
    Timestamp:        Thu Jun 10 08:40:49 2032 (75736B91)
    CheckSum:         00022BC5
    ImageSize:        00019000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80e00000 fffff800`80e78000   pci        (deferred)             
    Image path: \SystemRoot\System32\drivers\pci.sys
    Image name: pci.sys
    Timestamp:        Wed Jul 29 03:09:24 2037 (7F1B0A64)
    CheckSum:         0007F6EF
    ImageSize:        00078000
    File version:     10.0.19041.488
    Product version:  10.0.19041.488
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     pci.sys
    OriginalFilename: pci.sys
    ProductVersion:   10.0.19041.488
    FileVersion:      10.0.19041.488 (WinBuild.160101.0800)
    FileDescription:  NT Plug and Play PCI Enumerator
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`80e80000 fffff800`80eb1000   partmgr    (deferred)             
    Image path: \SystemRoot\System32\drivers\partmgr.sys
    Image name: partmgr.sys
    Timestamp:        Sat Aug 06 18:26:06 2016 (57A69C3E)
    CheckSum:         0002D745
    ImageSize:        00031000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80ec0000 fffff800`80f6a000   spaceport   (deferred)             
    Image path: \SystemRoot\System32\drivers\spaceport.sys
    Image name: spaceport.sys
    Timestamp:        ***** Invalid (ABAEDF84)
    CheckSum:         000B3A4F
    ImageSize:        000AA000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80f70000 fffff800`80f89000   volmgr     (deferred)             
    Image path: \SystemRoot\System32\drivers\volmgr.sys
    Image name: volmgr.sys
    Timestamp:        Thu Nov 20 06:06:06 2025 (691F204E)
    CheckSum:         00021FF2
    ImageSize:        00019000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`80f90000 fffff800`80ff3000   volmgrx    (deferred)             
    Image path: \SystemRoot\System32\drivers\volmgrx.sys
    Image name: volmgrx.sys
    Timestamp:        Fri Nov 29 10:04:07 2013 (5298D717)
    CheckSum:         0006AB53
    ImageSize:        00063000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81000000 fffff800`8101e000   mountmgr   (deferred)             
    Image path: \SystemRoot\System32\drivers\mountmgr.sys
    Image name: mountmgr.sys
    Timestamp:        Fri May 11 14:20:58 2029 (6FA7424A)
    CheckSum:         00024BD0
    ImageSize:        0001E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81020000 fffff800`810b5000   mvs91xx    (deferred)             
    Image path: \SystemRoot\System32\drivers\mvs91xx.sys
    Image name: mvs91xx.sys
    Timestamp:        Tue Jan 19 21:47:12 2016 (569F1F60)
    CheckSum:         000577B0
    ImageSize:        00095000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`810c0000 fffff800`81170000   storport   (deferred)             
    Image path: \SystemRoot\System32\drivers\storport.sys
    Image name: storport.sys
    Timestamp:        ***** Invalid (8566CB6A)
    CheckSum:         000B9B99
    ImageSize:        000B0000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81180000 fffff800`81188000   mvxxmm     (deferred)             
    Image path: \SystemRoot\System32\drivers\mvxxmm.sys
    Image name: mvxxmm.sys
    Timestamp:        Tue Jan 19 21:46:43 2016 (569F1F43)
    CheckSum:         0000BA29
    ImageSize:        00008000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81190000 fffff800`812bf000   iaStorE    (deferred)             
    Image path: \SystemRoot\System32\drivers\iaStorE.sys
    Image name: iaStorE.sys
    Timestamp:        Mon Jan 13 13:05:06 2020 (5E1CDB82)
    CheckSum:         00110008
    ImageSize:        0012F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`812e0000 fffff800`812fa000   fileinfo   (deferred)             
    Image path: \SystemRoot\System32\drivers\fileinfo.sys
    Image name: fileinfo.sys
    Timestamp:        ***** Invalid (AEE275C2)
    CheckSum:         0002169B
    ImageSize:        0001A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81300000 fffff800`81340000   Wof        (deferred)             
    Image path: \SystemRoot\System32\Drivers\Wof.sys
    Image name: Wof.sys
    Timestamp:        ***** Invalid (97F984C4)
    CheckSum:         0003D008
    ImageSize:        00040000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81350000 fffff800`81629000   Ntfs       (deferred)             
    Image path: \SystemRoot\System32\Drivers\Ntfs.sys
    Image name: Ntfs.sys
    Timestamp:        Sun Dec 21 22:54:01 1997 (349E0E89)
    CheckSum:         002C1FB0
    ImageSize:        002D9000
    File version:     10.0.19041.508
    Product version:  10.0.19041.508
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     ntfs.sys
    OriginalFilename: ntfs.sys
    ProductVersion:   10.0.19041.508
    FileVersion:      10.0.19041.508 (WinBuild.160101.0800)
    FileDescription:  NT File System Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`81630000 fffff800`8163d000   Fs_Rec     (deferred)             
    Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys
    Image name: Fs_Rec.sys
    Timestamp:        ***** Invalid (B9E5C55C)
    CheckSum:         00017B4B
    ImageSize:        0000D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81640000 fffff800`817af000   ndis       (deferred)             
    Image path: \SystemRoot\system32\drivers\ndis.sys
    Image name: ndis.sys
    Timestamp:        ***** Invalid (A3B0E6FE)
    CheckSum:         0016EB12
    ImageSize:        0016F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`817b0000 fffff800`81848000   NETIO      (deferred)             
    Image path: \SystemRoot\system32\drivers\NETIO.SYS
    Image name: NETIO.SYS
    Timestamp:        Wed Jul 22 02:46:16 2015 (55AF7478)
    CheckSum:         000A160A
    ImageSize:        00098000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81850000 fffff800`81882000   ksecpkg    (deferred)             
    Image path: \SystemRoot\System32\Drivers\ksecpkg.sys
    Image name: ksecpkg.sys
    Timestamp:        ***** Invalid (EB0A8339)
    CheckSum:         0002E880
    ImageSize:        00032000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81890000 fffff800`81b7c000   tcpip      (deferred)             
    Image path: \SystemRoot\System32\drivers\tcpip.sys
    Image name: tcpip.sys
    Timestamp:        ***** Invalid (9976B086)
    CheckSum:         002E509B
    ImageSize:        002EC000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81b80000 fffff800`81bff000   fwpkclnt   (deferred)             
    Image path: \SystemRoot\System32\drivers\fwpkclnt.sys
    Image name: fwpkclnt.sys
    Timestamp:        Wed Dec 18 17:08:15 1985 (1E076A7F)
    CheckSum:         0007F498
    ImageSize:        0007F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81c00000 fffff800`81c30000   wfplwfs    (deferred)             
    Image path: \SystemRoot\System32\drivers\wfplwfs.sys
    Image name: wfplwfs.sys
    Timestamp:        Mon Mar 31 19:31:38 1997 (3340819A)
    CheckSum:         00035119
    ImageSize:        00030000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81c40000 fffff800`81d09000   fvevol     (deferred)             
    Image path: \SystemRoot\System32\DRIVERS\fvevol.sys
    Image name: fvevol.sys
    Timestamp:        Sat Nov 26 02:24:12 1994 (2ED70CCC)
    CheckSum:         000C5DEF
    ImageSize:        000C9000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81d10000 fffff800`81d1c000   apmwin     (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\apmwin.sys
    Image name: apmwin.sys
    Timestamp:        Wed Dec 28 01:12:34 2016 (58638202)
    CheckSum:         00012FAA
    ImageSize:        0000C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81d20000 fffff800`81d33000   gpt_loader   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\gpt_loader.sys
    Image name: gpt_loader.sys
    Timestamp:        Wed Dec 28 01:12:24 2016 (586381F8)
    CheckSum:         00014F27
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81d40000 fffff800`81d4f000   mounthlp   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\mounthlp.sys
    Image name: mounthlp.sys
    Timestamp:        Wed Dec 28 01:12:27 2016 (586381FB)
    CheckSum:         0000FBFA
    ImageSize:        0000F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81d50000 fffff800`81d5b000   volume     (deferred)             
    Image path: \SystemRoot\System32\drivers\volume.sys
    Image name: volume.sys
    Timestamp:        ***** Invalid (83CF10C9)
    CheckSum:         000083D7
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81d60000 fffff800`81dcd000   volsnap    (deferred)             
    Image path: \SystemRoot\System32\drivers\volsnap.sys
    Image name: volsnap.sys
    Timestamp:        ***** Invalid (8AFD80F6)
    CheckSum:         00077353
    ImageSize:        0006D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81dd0000 fffff800`81e20000   rdyboost   (deferred)             
    Image path: \SystemRoot\System32\drivers\rdyboost.sys
    Image name: rdyboost.sys
    Timestamp:        Fri Feb 25 08:44:32 2033 (76CA3270)
    CheckSum:         00048E48
    ImageSize:        00050000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81e30000 fffff800`81e56000   mup        (deferred)             
    Image path: \SystemRoot\System32\Drivers\mup.sys
    Image name: mup.sys
    Timestamp:        ***** Invalid (FB1EDB95)
    CheckSum:         0002B433
    ImageSize:        00026000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81e60000 fffff800`81e79000   klupd_KLIF_klbg   (deferred)             
    Image path: \SystemRoot\System32\Drivers\klupd_KLIF_klbg.sys
    Image name: klupd_KLIF_klbg.sys
    Timestamp:        Wed Mar 24 02:58:58 2021 (605B1B72)
    CheckSum:         000257EF
    ImageSize:        00019000
    File version:     11.7.3.0
    Product version:  11.7.3.0
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Kaspersky Bases
    InternalName:     klbg
    OriginalFilename: klbg.sys
    ProductVersion:   11.7.3.0
    FileVersion:      11.7.3.0
    FileDescription:  Kaspersky Lab Boot Guard Driver
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`81e80000 fffff800`81e92000   iorate     (deferred)             
    Image path: \SystemRoot\system32\drivers\iorate.sys
    Image name: iorate.sys
    Timestamp:        ***** Invalid (94A693A6)
    CheckSum:         0001BF87
    ImageSize:        00012000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81ea0000 fffff800`81eab000   iaStorF    (deferred)             
    Image path: \SystemRoot\System32\drivers\iaStorF.sys
    Image name: iaStorF.sys
    Timestamp:        Fri Nov 24 02:31:28 2017 (5A17F500)
    CheckSum:         00016CC4
    ImageSize:        0000B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81ed0000 fffff800`81eec000   disk       (deferred)             
    Image path: \SystemRoot\System32\drivers\disk.sys
    Image name: disk.sys
    Timestamp:        Tue Feb 01 17:11:22 1994 (2D4EFDBA)
    CheckSum:         00020B81
    ImageSize:        0001C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`81ef0000 fffff800`81f5c000   CLASSPNP   (deferred)             
    Image path: \SystemRoot\System32\drivers\CLASSPNP.SYS
    Image name: CLASSPNP.SYS
    Timestamp:        Tue Jun 30 09:16:26 1981 (159F6BEA)
    CheckSum:         0006AD87
    ImageSize:        0006C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82400000 fffff800`824d6000   peauth     (deferred)             
    Image path: \SystemRoot\system32\drivers\peauth.sys
    Image name: peauth.sys
    Timestamp:        Thu Jun 30 12:25:54 1977 (0E1978D2)
    CheckSum:         000CAE00
    ImageSize:        000D6000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`824e0000 fffff800`824fc000   rassstp    (deferred)             
    Image path: \SystemRoot\System32\drivers\rassstp.sys
    Image name: rassstp.sys
    Timestamp:        Fri Feb 01 21:39:06 2002 (3C5B7B7A)
    CheckSum:         0001D4E6
    ImageSize:        0001C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82500000 fffff800`8251d000   NDProxy    (deferred)             
    Image path: \SystemRoot\System32\DRIVERS\NDProxy.sys
    Image name: NDProxy.sys
    Timestamp:        ***** Invalid (D564EC29)
    CheckSum:         00022253
    ImageSize:        0001D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82520000 fffff800`82547000   AgileVpn   (deferred)             
    Image path: \SystemRoot\System32\drivers\AgileVpn.sys
    Image name: AgileVpn.sys
    Timestamp:        ***** Invalid (F4378452)
    CheckSum:         00023624
    ImageSize:        00027000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82550000 fffff800`82568000   uaspstor   (deferred)             
    Image path: \SystemRoot\System32\drivers\uaspstor.sys
    Image name: uaspstor.sys
    Timestamp:        Thu Jun 24 20:11:29 2004 (40DBA5F1)
    CheckSum:         0001535A
    ImageSize:        00018000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82570000 fffff800`82589000   klbackupdisk   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
    Image name: klbackupdisk.sys
    Timestamp:        Mon Jan 25 08:51:07 2021 (600EF6FB)
    CheckSum:         00029377
    ImageSize:        00019000
    File version:     30.587.0.170
    Product version:  30.587.0.170
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klbackupdisk
    ProductVersion:   30.587.0.170-e30f0c58d6
    FileVersion:      30.587.0.170
    FileDescription:  Backup Disk Filter [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`82590000 fffff800`825c0000   cdrom      (deferred)             
    Image path: \SystemRoot\System32\drivers\cdrom.sys
    Image name: cdrom.sys
    Timestamp:        ***** Invalid (D4B31131)
    CheckSum:         000346A0
    ImageSize:        00030000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`825d0000 fffff800`8265a000   klflt      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klflt.sys
    Image name: klflt.sys
    Timestamp:        Fri Feb 19 05:50:35 2021 (602FC22B)
    CheckSum:         00088DDE
    ImageSize:        0008A000
    File version:     30.587.0.1070
    Product version:  30.587.0.1070
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klflt
    ProductVersion:   30.587.0.1070-a81ac642e3
    FileVersion:      30.587.0.1070
    FileDescription:  Filter Core [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`82660000 fffff800`82691000   klbackupflt   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
    Image name: klbackupflt.sys
    Timestamp:        Fri Feb 05 16:46:23 2021 (601DE6DF)
    CheckSum:         00037AFC
    ImageSize:        00031000
    File version:     30.587.0.810
    Product version:  30.587.0.810
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klbackupflt
    ProductVersion:   30.587.0.810-636fda9fe5
    FileVersion:      30.587.0.810
    FileDescription:  Backup File Filter [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`826a0000 fffff800`826b5000   filecrypt   (deferred)             
    Image path: \SystemRoot\system32\drivers\filecrypt.sys
    Image name: filecrypt.sys
    Timestamp:        Fri Mar 01 03:12:42 2002 (3C7F622A)
    CheckSum:         0000FEC3
    ImageSize:        00015000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`826c0000 fffff800`826ce000   tbs        (deferred)             
    Image path: \SystemRoot\system32\drivers\tbs.sys
    Image name: tbs.sys
    Timestamp:        ***** Invalid (BBC1ED87)
    CheckSum:         00011119
    ImageSize:        0000E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`826d0000 fffff800`827d9000   klif       (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klif.sys
    Image name: klif.sys
    Timestamp:        Fri Feb 19 05:51:17 2021 (602FC255)
    CheckSum:         0010D1EF
    ImageSize:        00109000
    File version:     30.587.0.1070
    Product version:  30.587.0.1070
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klif
    ProductVersion:   30.587.0.1070-a81ac642e3
    FileVersion:      30.587.0.1070
    FileDescription:  Core System Interceptors [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`827e0000 fffff800`82856000   ks         (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\ks.sys
    Image name: ks.sys
    Timestamp:        ***** Invalid (F812DE3F)
    CheckSum:         000751CB
    ImageSize:        00076000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82860000 fffff800`829df000   klhk       (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klhk.sys
    Image name: klhk.sys
    Timestamp:        Mon Jan 25 08:51:13 2021 (600EF701)
    CheckSum:         0015F58F
    ImageSize:        0017F000
    File version:     30.587.0.170
    Product version:  30.587.0.170
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klhk
    ProductVersion:   30.587.0.170-e30f0c58d6
    FileVersion:      30.587.0.170
    FileDescription:  klhk [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`829e0000 fffff800`82a0b000   pacer      (deferred)             
    Image path: \SystemRoot\System32\drivers\pacer.sys
    Image name: pacer.sys
    Timestamp:        ***** Invalid (FECCC466)
    CheckSum:         0003603B
    ImageSize:        0002B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82a40000 fffff800`82a5e000   crashdmp   (deferred)             
    Image path: \SystemRoot\System32\Drivers\crashdmp.sys
    Image name: crashdmp.sys
    Timestamp:        ***** Invalid (9A19AF81)
    CheckSum:         0002129E
    ImageSize:        0001E000
    File version:     10.0.19041.1
    Product version:  10.0.19041.1
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     crashdmp.sys
    OriginalFilename: crashdmp.sys
    ProductVersion:   10.0.19041.1
    FileVersion:      10.0.19041.1 (WinBuild.160101.0800)
    FileDescription:  Crash Dump Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`82ae0000 fffff800`82b1a000   ndiswan    (deferred)             
    Image path: \SystemRoot\System32\drivers\ndiswan.sys
    Image name: ndiswan.sys
    Timestamp:        ***** Invalid (88F100F4)
    CheckSum:         0003FFCA
    ImageSize:        0003A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82b20000 fffff800`82b57000   klupd_KLIF_mark   (deferred)             
    Image path: \SystemRoot\System32\Drivers\klupd_KLIF_mark.sys
    Image name: klupd_KLIF_mark.sys
    Timestamp:        Wed Mar 24 02:34:52 2021 (605B15CC)
    CheckSum:         0003EA59
    ImageSize:        00037000
    File version:     6.6.3.0
    Product version:  6.6.3.0
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Kaspersky Bases
    InternalName:     mark
    OriginalFilename: mark.sys
    ProductVersion:   6.6.3.0
    FileVersion:      6.6.3.0
    FileDescription:  Kaspersky Lab Anti-Rootkit Memory Driver
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`82b60000 fffff800`82b9c000   klupd_KLIF_swmon   (deferred)             
    Image path: \SystemRoot\System32\Drivers\klupd_KLIF_swmon.sys
    Image name: klupd_KLIF_swmon.sys
    Timestamp:        Thu Aug 19 08:36:35 2021 (611E8893)
    CheckSum:         00047C85
    ImageSize:        0003C000
    File version:     1.12.5.0
    Product version:  1.12.5.0
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Kaspersky Bases
    InternalName:     swmon
    OriginalFilename: swmon.sys
    ProductVersion:   1.12.5.0
    FileVersion:      1.12.5.0
    FileDescription:  Kaspersky Lab System Watcher Monitor Driver
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`82bb0000 fffff800`82bc4000   ndiscap    (deferred)             
    Image path: \SystemRoot\System32\drivers\ndiscap.sys
    Image name: ndiscap.sys
    Timestamp:        ***** Invalid (DCEEC70E)
    CheckSum:         0001C38B
    ImageSize:        00014000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82bd0000 fffff800`82be4000   netbios    (deferred)             
    Image path: \SystemRoot\system32\drivers\netbios.sys
    Image name: netbios.sys
    Timestamp:        Fri Nov 12 13:10:06 2021 (618ED82E)
    CheckSum:         0001A9AF
    ImageSize:        00014000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82c00000 fffff800`82fa4000   dxgkrnl    (deferred)             
    Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
    Image name: dxgkrnl.sys
    Timestamp:        ***** Invalid (B20216B8)
    CheckSum:         0039F5F1
    ImageSize:        003A4000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82fb0000 fffff800`82fc8000   watchdog   (deferred)             
    Image path: \SystemRoot\System32\drivers\watchdog.sys
    Image name: watchdog.sys
    Timestamp:        Fri Jun 16 16:44:59 2006 (4493508B)
    CheckSum:         000222BD
    ImageSize:        00018000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82fd0000 fffff800`82fe6000   BasicDisplay   (deferred)             
    Image path: \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_62ba5773ba05edee\BasicDisplay.sys
    Image name: BasicDisplay.sys
    Timestamp:        ***** Invalid (A2092B45)
    CheckSum:         0001C212
    ImageSize:        00016000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`82ff0000 fffff800`83001000   BasicRender   (deferred)             
    Image path: \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_49a8589f00d970d9\BasicRender.sys
    Image name: BasicRender.sys
    Timestamp:        ***** Invalid (EE8C9717)
    CheckSum:         00016443
    ImageSize:        00011000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83010000 fffff800`83017000   DamewareMini   (deferred)             
    Image path: \SystemRoot\System32\drivers\DamewareMini.sys
    Image name: DamewareMini.sys
    Timestamp:        Sun Mar 16 10:42:28 2008 (47DD6A14)
    CheckSum:         0000921C
    ImageSize:        00007000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83020000 fffff800`83035000   VIDEOPRT   (deferred)             
    Image path: \SystemRoot\System32\drivers\VIDEOPRT.SYS
    Image name: VIDEOPRT.SYS
    Timestamp:        Thu Jan 18 03:16:03 1979 (11047A73)
    CheckSum:         000159DE
    ImageSize:        00015000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83040000 fffff800`8305c000   Npfs       (deferred)             
    Image path: \SystemRoot\System32\Drivers\Npfs.SYS
    Image name: Npfs.SYS
    Timestamp:        ***** Invalid (9E3E4C73)
    CheckSum:         000192F7
    ImageSize:        0001C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83060000 fffff800`83071000   Msfs       (deferred)             
    Image path: \SystemRoot\System32\Drivers\Msfs.SYS
    Image name: Msfs.SYS
    Timestamp:        ***** Invalid (95155DF1)
    CheckSum:         0001A9B5
    ImageSize:        00011000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83080000 fffff800`8309b000   CimFS      (deferred)             
    Image path: \SystemRoot\System32\Drivers\CimFS.SYS
    Image name: CimFS.SYS
    Timestamp:        Sun Nov 15 00:49:44 2037 (7FAA9D28)
    CheckSum:         00018CE5
    ImageSize:        0001B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`830a0000 fffff800`830c4000   klwfp      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
    Image name: klwfp.sys
    Timestamp:        ***** Invalid (EB577675)
    CheckSum:         0002CDC2
    ImageSize:        00024000
    File version:     30.587.0.170
    Product version:  30.587.0.170
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klwfp
    ProductVersion:   30.587.0.170-e30f0c58d6
    FileVersion:      30.587.0.170
    FileDescription:  WFP Network Filter [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`830d0000 fffff800`830f2000   tdx        (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\tdx.sys
    Image name: tdx.sys
    Timestamp:        Thu Oct 03 22:47:28 1991 (28EC0E80)
    CheckSum:         000273F3
    ImageSize:        00022000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83100000 fffff800`83110000   TDI        (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\TDI.SYS
    Image name: TDI.SYS
    Timestamp:        ***** Invalid (D1AD2BD4)
    CheckSum:         0000D19A
    ImageSize:        00010000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83120000 fffff800`83135000   klim6      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klim6.sys
    Image name: klim6.sys
    Timestamp:        ***** Invalid (D15AC501)
    CheckSum:         0002025E
    ImageSize:        00015000
    File version:     30.587.0.930
    Product version:  30.587.0.930
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klim6
    ProductVersion:   30.587.0.930-ef5965511c
    FileVersion:      30.587.0.930
    FileDescription:  Packet Network Filter [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`83140000 fffff800`8315a000   vwififlt   (deferred)             
    Image path: \SystemRoot\System32\drivers\vwififlt.sys
    Image name: vwififlt.sys
    Timestamp:        Wed Jan 06 23:07:33 2010 (4B458835)
    CheckSum:         0001814D
    ImageSize:        0001A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83170000 fffff800`83212000   klgse      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klgse.sys
    Image name: klgse.sys
    Timestamp:        Mon Feb 08 07:51:31 2021 (60215E03)
    CheckSum:         000A7591
    ImageSize:        000A2000
    File version:     30.587.0.830
    Product version:  30.587.0.830
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klgse
    ProductVersion:   30.587.0.830-2713fb5b5d
    FileVersion:      30.587.0.830
    FileDescription:  Security Extender [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`83220000 fffff800`83232000   klpd       (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klpd.sys
    Image name: klpd.sys
    Timestamp:        Mon Jan 25 08:51:07 2021 (600EF6FB)
    CheckSum:         0001F6D9
    ImageSize:        00012000
    File version:     30.587.0.170
    Product version:  30.587.0.170
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klpd
    ProductVersion:   30.587.0.170-e30f0c58d6
    FileVersion:      30.587.0.170
    FileDescription:  Format Recognizer [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
Page 20001f64b too large to be in the dump file.
fffff800`83240000 fffff800`8324a000   Null       (deferred)             
    Image path: \SystemRoot\System32\Drivers\Null.SYS
    Image name: Null.SYS
Page 20001f64b too large to be in the dump file.
    Timestamp:        unavailable (FFFFFFFE)
    CheckSum:         missing
    ImageSize:        0000A000
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
Page 20001f64b too large to be in the dump file.
fffff800`83250000 fffff800`8325a000   Beep       (deferred)             
    Image path: \SystemRoot\System32\Drivers\Beep.SYS
    Image name: Beep.SYS
    Timestamp:        ***** Invalid (E4AC8238)
    CheckSum:         00008685
    ImageSize:        0000A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83260000 fffff800`8326d000   dwvkbd64   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\dwvkbd64.sys
    Image name: dwvkbd64.sys
    Timestamp:        Wed Apr 11 13:22:37 2007 (461D519D)
    CheckSum:         0000A755
    ImageSize:        0000D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83270000 fffff800`832cc000   netbt      (deferred)             
    Image path: \SystemRoot\System32\DRIVERS\netbt.sys
    Image name: netbt.sys
    Timestamp:        ***** Invalid (8908830E)
    CheckSum:         000553BD
    ImageSize:        0005C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`832d0000 fffff800`832e3000   afunix     (deferred)             
    Image path: \SystemRoot\system32\drivers\afunix.sys
    Image name: afunix.sys
    Timestamp:        ***** Invalid (9501F0D8)
    CheckSum:         00018987
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`832f0000 fffff800`83393000   afd        (deferred)             
    Image path: \SystemRoot\system32\drivers\afd.sys
    Image name: afd.sys
    Timestamp:        ***** Invalid (CC0C9B73)
    CheckSum:         000A334A
    ImageSize:        000A3000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`833a0000 fffff800`833eb000   klwtp      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
    Image name: klwtp.sys
    Timestamp:        ***** Invalid (F54B0C36)
    CheckSum:         0005B951
    ImageSize:        0004B000
    File version:     30.587.0.590
    Product version:  30.587.0.590
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klwtp
    ProductVersion:   30.587.0.590-5f439758d8
    FileVersion:      30.587.0.590
    FileDescription:  WFP Network Connection Filter Driver [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`83400000 fffff800`83412000   nsiproxy   (deferred)             
    Image path: \SystemRoot\system32\drivers\nsiproxy.sys
    Image name: nsiproxy.sys
    Timestamp:        ***** Invalid (E65AB811)
    CheckSum:         0001515A
    ImageSize:        00012000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83420000 fffff800`8342e000   npsvctrig   (deferred)             
    Image path: \SystemRoot\System32\drivers\npsvctrig.sys
    Image name: npsvctrig.sys
    Timestamp:        Sun Jan 05 18:41:12 2025 (677B42C8)
    CheckSum:         000119D3
    ImageSize:        0000E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83430000 fffff800`83440000   mssmbios   (deferred)             
    Image path: \SystemRoot\System32\drivers\mssmbios.sys
    Image name: mssmbios.sys
    Timestamp:        Thu Mar 17 08:26:02 2022 (6233611A)
    CheckSum:         0000DD1D
    ImageSize:        00010000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83450000 fffff800`83499000   kneps      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\kneps.sys
    Image name: kneps.sys
    Timestamp:        ***** Invalid (CEAE8F0E)
    CheckSum:         00049AF2
    ImageSize:        00049000
    File version:     30.587.0.460
    Product version:  30.587.0.460
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     kneps
    ProductVersion:   30.587.0.460-f74872ca72
    FileVersion:      30.587.0.460
    FileDescription:  Network Processor [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`834f0000 fffff800`834fa000   gpuenergydrv   (deferred)             
    Image path: \SystemRoot\System32\drivers\gpuenergydrv.sys
    Image name: gpuenergydrv.sys
    Timestamp:        ***** Invalid (F10C03D8)
    CheckSum:         00009EA6
    ImageSize:        0000A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83500000 fffff800`8352c000   dfsc       (deferred)             
    Image path: \SystemRoot\System32\Drivers\dfsc.sys
    Image name: dfsc.sys
    Timestamp:        ***** Invalid (F5D01020)
    CheckSum:         00031317
    ImageSize:        0002C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83530000 fffff800`83545000   tcpipreg   (deferred)             
    Image path: \SystemRoot\System32\drivers\tcpipreg.sys
    Image name: tcpipreg.sys
    Timestamp:        Fri May 11 20:43:31 1973 (0651E2F3)
    CheckSum:         0001BF67
    ImageSize:        00015000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83550000 fffff800`83567000   bam        (deferred)             
    Image path: \SystemRoot\system32\drivers\bam.sys
    Image name: bam.sys
    Timestamp:        Fri Mar 26 23:41:44 2010 (4BADB6B8)
    CheckSum:         00019328
    ImageSize:        00017000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83570000 fffff800`835be000   ahcache    (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\ahcache.sys
    Image name: ahcache.sys
    Timestamp:        Tue Mar 26 11:33:15 2019 (5C9A7E7B)
    CheckSum:         00052E71
    ImageSize:        0004E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`835c0000 fffff800`835d4000   kbdclass   (deferred)             
    Image path: \SystemRoot\System32\drivers\kbdclass.sys
    Image name: kbdclass.sys
    Timestamp:        Mon Mar 25 01:20:10 1996 (3156654A)
    CheckSum:         0001CE1A
    ImageSize:        00014000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`835e0000 fffff800`835f2000   CompositeBus   (deferred)             
    Image path: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys
    Image name: CompositeBus.sys
    Timestamp:        Wed Oct 28 00:32:02 2026 (6AE1B302)
    CheckSum:         00015BD2
    ImageSize:        00012000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83600000 fffff800`8360d000   kdnic      (deferred)             
    Image path: \SystemRoot\System32\drivers\kdnic.sys
    Image name: kdnic.sys
    Timestamp:        ***** Invalid (9401D3B8)
    CheckSum:         000178DD
    ImageSize:        0000D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83610000 fffff800`83625000   umbus      (deferred)             
    Image path: \SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys
    Image name: umbus.sys
    Timestamp:        ***** Invalid (E7B4847E)
    CheckSum:         0001394F
    ImageSize:        00015000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83630000 fffff800`8375f000   dump_iaStorE   (deferred)             
    Image path: \SystemRoot\System32\drivers\dump_iaStorE.sys
    Image name: dump_iaStorE.sys
    Timestamp:        Mon Jan 13 13:05:06 2020 (5E1CDB82)
    CheckSum:         00110008
    ImageSize:        0012F000
    File version:     6.3.0.1022
    Product version:  6.3.0.1022
    File flags:       8 (Mask 3F) Private
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Intel Corporation
    ProductName:      Intel Virtual RAID on CPUdriver 
    InternalName:     iaStor.sys
    OriginalFilename: iaStor.sys
    ProductVersion:   6.3.0.1022
    FileVersion:      6.3.0.1022
    PrivateBuild:     6.3.0.1022
    SpecialBuild:     6.3.0.1022
    FileDescription:  Intel Virtual RAID on CPUdriver - x64
    LegalCopyright:   Copyright(C) Intel Corporation 1994-2019
    LegalTrademarks:  Copyright(C) Intel Corporation 1994-2019
    Comments:         -x64
fffff800`83760000 fffff800`83841000   dxgmms2    (deferred)             
    Image path: \SystemRoot\System32\drivers\dxgmms2.sys
    Image name: dxgmms2.sys
    Timestamp:        Thu Apr 09 16:03:45 1970 (00828561)
    CheckSum:         000EB4C5
    ImageSize:        000E1000
    File version:     10.0.19041.508
    Product version:  10.0.19041.508
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     dxgmms2.sys
    OriginalFilename: dxgmms2.sys
    ProductVersion:   10.0.19041.508
    FileVersion:      10.0.19041.508 (WinBuild.160101.0800)
    FileDescription:  DirectX Graphics MMS
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`83850000 fffff800`83886000   wcifs      (deferred)             
    Image path: \SystemRoot\system32\drivers\wcifs.sys
    Image name: wcifs.sys
    Timestamp:        Sun Jan 31 18:32:49 2027 (6B5FEED1)
    CheckSum:         0004091A
    ImageSize:        00036000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83890000 fffff800`83910000   cldflt     (deferred)             
    Image path: \SystemRoot\system32\drivers\cldflt.sys
    Image name: cldflt.sys
    Timestamp:        Thu Mar 20 15:36:50 2003 (3E7A5092)
    CheckSum:         0007EBD7
    ImageSize:        00080000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83920000 fffff800`83947000   tsusbhub   (deferred)             
    Image path: \SystemRoot\System32\drivers\tsusbhub.sys
    Image name: tsusbhub.sys
    Timestamp:        Sun Dec 06 01:15:32 2020 (5FCCA134)
    CheckSum:         0002CCCD
    ImageSize:        00027000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83950000 fffff800`83977000   bindflt    (deferred)             
    Image path: \SystemRoot\system32\drivers\bindflt.sys
    Image name: bindflt.sys
    Timestamp:        ***** Invalid (E3483DD4)
    CheckSum:         0002F4EE
    ImageSize:        00027000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83980000 fffff800`839a5000   bowser     (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\bowser.sys
    Image name: bowser.sys
    Timestamp:        ***** Invalid (EDAC6813)
    CheckSum:         00024E4F
    ImageSize:        00025000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`839b0000 fffff800`83a06000   msquic     (deferred)             
    Image path: \SystemRoot\system32\drivers\msquic.sys
    Image name: msquic.sys
    Timestamp:        ***** Invalid (DE688303)
    CheckSum:         0005615F
    ImageSize:        00056000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83a10000 fffff800`83aa3000   mrxsmb     (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys
    Image name: mrxsmb.sys
    Timestamp:        ***** Invalid (CDB159C0)
    CheckSum:         0008D9C7
    ImageSize:        00093000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83ab0000 fffff800`83af5000   mrxsmb20   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    Image name: mrxsmb20.sys
    Timestamp:        ***** Invalid (C5AEA72C)
    CheckSum:         0004D662
    ImageSize:        00045000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83b00000 fffff800`83b13000   condrv     (deferred)             
    Image path: \SystemRoot\System32\drivers\condrv.sys
    Image name: condrv.sys
    Timestamp:        ***** Invalid (B47B2254)
    CheckSum:         0001B87D
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83b20000 fffff800`83b72000   srvnet     (deferred)             
    Image path: \SystemRoot\System32\DRIVERS\srvnet.sys
    Image name: srvnet.sys
    Timestamp:        Sat Aug 04 03:40:17 2001 (3B6BDF21)
    CheckSum:         000539AC
    ImageSize:        00052000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83b80000 fffff800`83c47000   srv2       (deferred)             
    Image path: \SystemRoot\System32\DRIVERS\srv2.sys
    Image name: srv2.sys
    Timestamp:        ***** Invalid (EE8E2F4F)
    CheckSum:         000C31D2
    ImageSize:        000C7000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83c50000 fffff800`83c68000   lltdio     (deferred)             
    Image path: \SystemRoot\system32\drivers\lltdio.sys
    Image name: lltdio.sys
    Timestamp:        ***** Invalid (D4D91B57)
    CheckSum:         00012B46
    ImageSize:        00018000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83c70000 fffff800`83c8b000   rspndr     (deferred)             
    Image path: \SystemRoot\system32\drivers\rspndr.sys
    Image name: rspndr.sys
    Timestamp:        ***** Invalid (9E43BCCD)
    CheckSum:         000194E8
    ImageSize:        0001B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83c90000 fffff800`83cad000   wanarp     (deferred)             
    Image path: \SystemRoot\System32\DRIVERS\wanarp.sys
    Image name: wanarp.sys
    Timestamp:        Wed Dec 08 07:58:18 1976 (0D0C481A)
    CheckSum:         0001B428
    ImageSize:        0001D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83cb0000 fffff800`83cca000   mpsdrv     (deferred)             
    Image path: \SystemRoot\System32\drivers\mpsdrv.sys
    Image name: mpsdrv.sys
    Timestamp:        Thu Nov 03 06:07:36 1977 (0EBF3D28)
    CheckSum:         00019727
    ImageSize:        0001A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83cd0000 fffff800`83e56000   HTTP       (deferred)             
    Image path: \SystemRoot\system32\drivers\HTTP.sys
    Image name: HTTP.sys
    Timestamp:        Sat Aug 09 12:01:22 2003 (3F355312)
    CheckSum:         0018B770
    ImageSize:        00186000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83e60000 fffff800`83e6f000   ndistapi   (deferred)             
    Image path: \SystemRoot\System32\DRIVERS\ndistapi.sys
    Image name: ndistapi.sys
    Timestamp:        Mon Aug 10 20:11:42 1987 (211E997E)
    CheckSum:         0001530C
    ImageSize:        0000F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83e70000 fffff800`83e84000   mmcss      (deferred)             
    Image path: \SystemRoot\system32\drivers\mmcss.sys
    Image name: mmcss.sys
    Timestamp:        ***** Invalid (A1F3B590)
    CheckSum:         000108D9
    ImageSize:        00014000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83e90000 fffff800`83ee2000   mrxsmb10   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    Image name: mrxsmb10.sys
    Timestamp:        ***** Invalid (ABA1F2CF)
    CheckSum:         0005A30C
    ImageSize:        00052000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83ef0000 fffff800`83f17000   Ndu        (deferred)             
    Image path: \SystemRoot\system32\drivers\Ndu.sys
    Image name: Ndu.sys
    Timestamp:        ***** Invalid (ABC6C894)
    CheckSum:         000213E1
    ImageSize:        00027000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83f20000 fffff800`83fb4000   srv        (deferred)             
    Image path: \SystemRoot\System32\DRIVERS\srv.sys
    Image name: srv.sys
    Timestamp:        Mon Mar 31 20:28:23 1997 (33408EE7)
    CheckSum:         0006E57C
    ImageSize:        00094000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`83fc0000 fffff800`84061000   Vid        (deferred)             
    Image path: \SystemRoot\System32\drivers\Vid.sys
    Image name: Vid.sys
    Timestamp:        ***** Invalid (D8B48452)
    CheckSum:         000AB1EA
    ImageSize:        000A1000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`84070000 fffff800`84091000   winhvr     (deferred)             
    Image path: \SystemRoot\System32\drivers\winhvr.sys
    Image name: winhvr.sys
    Timestamp:        ***** Invalid (C1F13DBD)
    CheckSum:         0001EA8A
    ImageSize:        00021000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`840a0000 fffff800`840b5000   klpnpflt   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klpnpflt.sys
    Image name: klpnpflt.sys
    Timestamp:        Mon Jan 25 08:51:08 2021 (600EF6FC)
    CheckSum:         0002062B
    ImageSize:        00015000
    File version:     30.587.0.170
    Product version:  30.587.0.170
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klpnpflt
    ProductVersion:   30.587.0.170-e30f0c58d6
    FileVersion:      30.587.0.170
    FileDescription:  Generic PnP filter [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`840c0000 fffff800`840d7000   klfltdev   (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\klfltdev.sys
    Image name: klfltdev.sys
    Timestamp:        Mon Jan 25 08:51:08 2021 (600EF6FC)
    CheckSum:         00021681
    ImageSize:        00017000
    File version:     30.587.0.170
    Product version:  30.587.0.170
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      AO Kaspersky Lab
    ProductName:      Coretech Delivery
    InternalName:     klfltdev
    ProductVersion:   30.587.0.170-e30f0c58d6
    FileVersion:      30.587.0.170
    FileDescription:  PnP Device Filter [fre_win7_x64]
    LegalCopyright:   © 2021 AO Kaspersky Lab. All Rights Reserved.
    LegalTrademarks:  Registered trademarks and service marks are the property of their respective owners
fffff800`840e0000 fffff800`8415b000   rdbss      (deferred)             
    Image path: \SystemRoot\system32\DRIVERS\rdbss.sys
    Image name: rdbss.sys
    Timestamp:        Sat Jul 10 02:51:55 2010 (4C3850CB)
    CheckSum:         0007E4B9
    ImageSize:        0007B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`84160000 fffff800`841f4000   csc        (deferred)             
    Image path: \SystemRoot\system32\drivers\csc.sys
    Image name: csc.sys
    Timestamp:        Thu Sep 22 14:17:30 1994 (2E82027A)
    CheckSum:         00091932
    ImageSize:        00094000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85400000 fffff800`85444000   ucx01000   (deferred)             
    Image path: \SystemRoot\system32\drivers\ucx01000.sys
    Image name: ucx01000.sys
    Timestamp:        Wed Mar 07 16:31:05 1979 (11447CC9)
    CheckSum:         0004DFDA
    ImageSize:        00044000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85450000 fffff800`85484000   TeeDriverW8x64   (deferred)             
    Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
    Image name: TeeDriverW8x64.sys
    Timestamp:        Sun Nov 19 03:39:59 2017 (5A116D8F)
    CheckSum:         0003F054
    ImageSize:        00034000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85490000 fffff800`85526000   e1d68x64   (deferred)             
    Image path: \SystemRoot\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_26255692c8b1c6b6\e1d68x64.sys
    Image name: e1d68x64.sys
    Timestamp:        Tue Sep 29 07:11:02 2020 (5F734E86)
    CheckSum:         00099A08
    ImageSize:        00096000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85530000 fffff800`8554a000   usbehci    (deferred)             
    Image path: \SystemRoot\System32\drivers\usbehci.sys
    Image name: usbehci.sys
    Timestamp:        Mon Jan 08 08:10:05 1979 (10F7905D)
    CheckSum:         000239DC
    ImageSize:        0001A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85550000 fffff800`855c9000   USBPORT    (deferred)             
    Image path: \SystemRoot\System32\drivers\USBPORT.SYS
    Image name: USBPORT.SYS
    Timestamp:        Sat Nov 03 06:27:44 2029 (708EDB60)
    CheckSum:         0007822B
    ImageSize:        00079000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`855d0000 fffff800`855f1000   i8042prt   (deferred)             
    Image path: \SystemRoot\System32\drivers\i8042prt.sys
    Image name: i8042prt.sys
    Timestamp:        Wed Apr 03 23:16:01 2013 (515D28B1)
    CheckSum:         00022B0C
    ImageSize:        00021000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85600000 fffff800`8561c000   serial     (deferred)             
    Image path: \SystemRoot\System32\drivers\serial.sys
    Image name: serial.sys
    Timestamp:        Wed Apr 19 02:23:01 2017 (58F73A85)
    CheckSum:         0001B585
    ImageSize:        0001C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85620000 fffff800`8562f000   serenum    (deferred)             
    Image path: \SystemRoot\System32\drivers\serenum.sys
    Image name: serenum.sys
    Timestamp:        ***** Invalid (A5178D42)
    CheckSum:         00009616
    ImageSize:        0000F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85630000 fffff800`8563c000   wmiacpi    (deferred)             
    Image path: \SystemRoot\System32\drivers\wmiacpi.sys
    Image name: wmiacpi.sys
    Timestamp:        Wed Aug 19 05:20:44 2009 (4A8BFC2C)
    CheckSum:         0000CC2F
    ImageSize:        0000C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85640000 fffff800`85680000   intelppm   (deferred)             
    Image path: \SystemRoot\System32\drivers\intelppm.sys
    Image name: intelppm.sys
    Timestamp:        Tue Jun 14 02:18:00 2016 (575FD9D8)
    CheckSum:         00047AB7
    ImageSize:        00040000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85690000 fffff800`856a0000   XtuAcpiDriver   (deferred)             
    Image path: \SystemRoot\System32\drivers\XtuAcpiDriver.sys
    Image name: XtuAcpiDriver.sys
    Timestamp:        Thu Mar 05 16:20:30 2020 (5E61974E)
    CheckSum:         0001DB9D
    ImageSize:        00010000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`856b0000 fffff800`856bd000   NdisVirtualBus   (deferred)             
    Image path: \SystemRoot\System32\drivers\NdisVirtualBus.sys
    Image name: NdisVirtualBus.sys
    Timestamp:        ***** Invalid (A7AE93D1)
    CheckSum:         00014F1D
    ImageSize:        0000D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`856c0000 fffff800`856cc000   swenum     (deferred)             
    Image path: \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys
    Image name: swenum.sys
    Timestamp:        ***** Invalid (E117266B)
    CheckSum:         000082C9
    ImageSize:        0000C000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`856d0000 fffff800`856de000   rdpbus     (deferred)             
    Image path: \SystemRoot\System32\drivers\rdpbus.sys
    Image name: rdpbus.sys
    Timestamp:        ***** Invalid (84DFD52A)
    CheckSum:         000106CE
    ImageSize:        0000E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`856e0000 fffff800`85765000   usbhub     (deferred)             
    Image path: \SystemRoot\System32\drivers\usbhub.sys
    Image name: usbhub.sys
    Timestamp:        Mon Apr 24 01:59:16 2017 (58FDCC74)
    CheckSum:         00084516
    ImageSize:        00085000
    File version:     10.0.19041.1
    Product version:  10.0.19041.1
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     usbhub.sys
    OriginalFilename: usbhub.sys
    ProductVersion:   10.0.19041.1
    FileVersion:      10.0.19041.1 (WinBuild.160101.0800)
    FileDescription:  Default Hub Driver for USB
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`85770000 fffff800`8577e000   USBD       (deferred)             
    Image path: \SystemRoot\System32\drivers\USBD.SYS
    Image name: USBD.SYS
    Timestamp:        Wed Feb 02 14:47:35 2033 (76AC3507)
    CheckSum:         0000FFB7
    ImageSize:        0000E000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85780000 fffff800`857b8000   nvhda64v   (deferred)             
    Image path: \SystemRoot\system32\drivers\nvhda64v.sys
    Image name: nvhda64v.sys
    Timestamp:        Tue Jun 09 10:01:25 2020 (5EDFCE75)
    CheckSum:         0003B8F0
    ImageSize:        00038000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`857c0000 fffff800`857cf000   ksthunk    (deferred)             
    Image path: \SystemRoot\system32\drivers\ksthunk.sys
    Image name: ksthunk.sys
    Timestamp:        Thu Apr 25 06:23:02 1991 (2816E646)
    CheckSum:         00007961
    ImageSize:        0000F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`857d0000 fffff800`85873000   UsbHub3    (deferred)             
    Image path: \SystemRoot\System32\drivers\UsbHub3.sys
    Image name: UsbHub3.sys
    Timestamp:        ***** Invalid (FDA30E83)
    CheckSum:         000AC346
    ImageSize:        000A3000
    File version:     10.0.19041.264
    Product version:  10.0.19041.264
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     usbhub3.sys
    OriginalFilename: usbhub3.sys
    ProductVersion:   10.0.19041.264
    FileVersion:      10.0.19041.264 (WinBuild.160101.0800)
    FileDescription:  USB3 HUB Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`85880000 fffff800`85e5e000   RTKVHD64   (deferred)             
    Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
    Image name: RTKVHD64.sys
    Timestamp:        Thu Sep 24 02:20:38 2020 (5F6C72F6)
    CheckSum:         005EDBA6
    ImageSize:        005DE000
    File version:     6.0.9035.1
    Product version:  6.0.9035.1
    File flags:       8 (Mask 3F) Private
    File OS:          40004 NT Win32
    File type:        3.9 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Realtek Semiconductor Corp.
    ProductName:      Realtek(r) High Definition Audio Function Driver
    InternalName:     RTKVHD64.sys 9035
    OriginalFilename: RTKVHD64.sys
    ProductVersion:   6.0.9035.1
    FileVersion:      6.0.9035.1 built by: WinDDK
    FileDescription:  Realtek(r) High Definition Audio Function Driver
    LegalCopyright:   Copyright (c) Realtek Semiconductor Corp.1998-2013
fffff800`85e60000 fffff800`85e78000   mslldp     (deferred)             
    Image path: \SystemRoot\system32\drivers\mslldp.sys
    Image name: mslldp.sys
    Timestamp:        Wed Aug 07 19:50:12 2030 (71FCC6F4)
    CheckSum:         00016923
    ImageSize:        00018000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85e80000 fffff800`85e92000   hidusb     (deferred)             
    Image path: \SystemRoot\System32\drivers\hidusb.sys
    Image name: hidusb.sys
    Timestamp:        ***** Invalid (A66785A7)
    CheckSum:         000170ED
    ImageSize:        00012000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85ea0000 fffff800`85edf000   HIDCLASS   (deferred)             
    Image path: \SystemRoot\System32\drivers\HIDCLASS.SYS
    Image name: HIDCLASS.SYS
    Timestamp:        ***** Invalid (A07210A7)
    CheckSum:         0003DA22
    ImageSize:        0003F000
    File version:     10.0.19041.1
    Product version:  10.0.19041.1
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        2.0 Dll
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     hidclass.sys
    OriginalFilename: hidclass.sys
    ProductVersion:   10.0.19041.1
    FileVersion:      10.0.19041.1 (WinBuild.160101.0800)
    FileDescription:  Hid Class Library
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`85ee0000 fffff800`85ef3000   HIDPARSE   (deferred)             
    Image path: \SystemRoot\System32\drivers\HIDPARSE.SYS
    Image name: HIDPARSE.SYS
    Timestamp:        Wed Aug 27 17:20:06 1997 (3404D246)
    CheckSum:         00016359
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85f00000 fffff800`85f10000   mouhid     (deferred)             
    Image path: \SystemRoot\System32\drivers\mouhid.sys
    Image name: mouhid.sys
    Timestamp:        ***** Invalid (E502FBD9)
    CheckSum:         000173E5
    ImageSize:        00010000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85f20000 fffff800`85f33000   mouclass   (deferred)             
    Image path: \SystemRoot\System32\drivers\mouclass.sys
    Image name: mouclass.sys
    Timestamp:        Tue Jan 07 02:19:56 2003 (3E1AA9CC)
    CheckSum:         00019679
    ImageSize:        00013000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`85f50000 fffff800`85f5e000   dump_diskdump   (deferred)             
    Image path: \SystemRoot\System32\Drivers\dump_diskdump.sys
    Image name: dump_diskdump.sys
    Timestamp:        ***** Invalid (95F39C8A)
    CheckSum:         0000B16B
    ImageSize:        0000E000
    File version:     10.0.19041.1
    Product version:  10.0.19041.1
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     diskdump.sys
    OriginalFilename: diskdump.sys
    ProductVersion:   10.0.19041.1
    FileVersion:      10.0.19041.1 (WinBuild.160101.0800)
    FileDescription:  Crash Dump Disk Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`860b0000 fffff800`860cd000   dump_dumpfve   (deferred)             
    Image path: \SystemRoot\System32\Drivers\dump_dumpfve.sys
    Image name: dump_dumpfve.sys
    Timestamp:        Thu Oct 05 10:32:17 2023 (651F0131)
    CheckSum:         00022E48
    ImageSize:        0001D000
    File version:     10.0.19041.1
    Product version:  10.0.19041.1
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0000.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     dumpfve.sys
    OriginalFilename: dumpfve.sys
    ProductVersion:   10.0.19041.1
    FileVersion:      10.0.19041.1 (WinBuild.160101.0800)
    FileDescription:  Bitlocker Drive Encryption Crashdump Filter
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`860d0000 fffff800`860eb000   monitor    (deferred)             
    Image path: \SystemRoot\System32\drivers\monitor.sys
    Image name: monitor.sys
    Timestamp:        Wed May 01 10:30:47 1985 (1CD682D7)
    CheckSum:         0001751B
    ImageSize:        0001B000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`860f0000 fffff800`860fd000   rdpvideominiport   (deferred)             
    Image path: \SystemRoot\System32\drivers\rdpvideominiport.sys
    Image name: rdpvideominiport.sys
    Timestamp:        Sun Jul 12 11:13:17 1981 (15AF594D)
    CheckSum:         00015381
    ImageSize:        0000D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`86100000 fffff800`8612f000   rdpdr      (deferred)             
    Image path: \SystemRoot\System32\drivers\rdpdr.sys
    Image name: rdpdr.sys
    Timestamp:        ***** Invalid (9EEF34DA)
    CheckSum:         0002BAD1
    ImageSize:        0002F000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`86130000 fffff800`86159000   luafv      (deferred)             
    Image path: \SystemRoot\system32\drivers\luafv.sys
    Image name: luafv.sys
    Timestamp:        Sat Jan 23 18:15:51 2016 (56A433D7)
    CheckSum:         00030A3A
    ImageSize:        00029000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`86160000 fffff800`8726d000   nvlddmkm   (deferred)             
    Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys
    Image name: nvlddmkm.sys
    Timestamp:        Fri Mar 23 15:02:22 2018 (5AB5877E)
    CheckSum:         010C6B80
    ImageSize:        0110D000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`87270000 fffff800`87295000   HDAudBus   (deferred)             
    Image path: \SystemRoot\System32\drivers\HDAudBus.sys
    Image name: HDAudBus.sys
    Timestamp:        Wed Nov 17 21:08:44 2021 (6195DFDC)
    CheckSum:         000268EC
    ImageSize:        00025000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`872a0000 fffff800`87306000   portcls    (deferred)             
    Image path: \SystemRoot\System32\drivers\portcls.sys
    Image name: portcls.sys
    Timestamp:        Mon Dec 23 15:28:58 2002 (3E079C3A)
    CheckSum:         0006B23D
    ImageSize:        00066000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`87310000 fffff800`87331000   drmk       (deferred)             
    Image path: \SystemRoot\System32\drivers\drmk.sys
    Image name: drmk.sys
    Timestamp:        ***** Invalid (92B1AC47)
    CheckSum:         0001A51A
    ImageSize:        00021000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4
fffff800`87340000 fffff800`873d8000   USBXHCI    (deferred)             
    Image path: \SystemRoot\System32\drivers\USBXHCI.SYS
    Image name: USBXHCI.SYS
    Timestamp:        Sun Aug 07 06:37:42 1994 (2E44F1B6)
    CheckSum:         0009CD76
    ImageSize:        00098000
    File version:     10.0.19041.488
    Product version:  10.0.19041.488
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        3.7 Driver
    File date:        00000000.00000000
    Translations:     0409.04b0
    CompanyName:      Microsoft Corporation
    ProductName:      Microsoft® Windows® Operating System
    InternalName:     usbxhci.sys
    OriginalFilename: usbxhci.sys
    ProductVersion:   10.0.19041.488
    FileVersion:      10.0.19041.488 (WinBuild.160101.0800)
    FileDescription:  USB XHCI Driver
    LegalCopyright:   © Microsoft Corporation. All rights reserved.
fffff800`873e0000 fffff800`873fa000   storqosflt   (deferred)             
    Image path: \SystemRoot\system32\drivers\storqosflt.sys
    Image name: storqosflt.sys
    Timestamp:        Mon Apr 09 10:08:30 2007 (461A811E)
    CheckSum:         00025AFB
    ImageSize:        0001A000
    Translations:     0000.04b0 0000.04e4 0409.04b0 0409.04e4

Unloaded modules:
fffff800`834a0000 fffff800`834e2000   klids.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00042000
fffff800`82ac0000 fffff800`82add000   raspppoe.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff800`82a90000 fffff800`82ab2000   raspptp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00022000
fffff800`82a60000 fffff800`82a82000   rasl2tp.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00022000
fffff800`83160000 fffff800`8316e000   WSDPrint.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000E000
fffff800`7eb70000 fffff800`7eb7f000   WpdUpFltr.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000F000
fffff800`7eb10000 fffff800`7eb65000   WUDFRd.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00055000
fffff800`7eb80000 fffff800`7eb9d000   EhStorClass.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff800`7f280000 fffff800`7f29d000   EhStorClass.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff800`82550000 fffff800`82569000   uaspstor.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00019000
fffff800`7ed60000 fffff800`7ed7d000   EhStorClass.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff800`834a0000 fffff800`834e2000   klids.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00042000
fffff800`83e60000 fffff800`83e6d000   csvol.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000D000
fffff800`82a70000 fffff800`82a7f000   dump_storport.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000F000
fffff800`82400000 fffff800`82530000   dump_iaStorE.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00130000
fffff800`82550000 fffff800`8256e000   dump_dumpfve.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001E000
fffff800`85e60000 fffff800`85e79000   uaspstor.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00019000
fffff800`812c0000 fffff800`812dd000   EhStorClass.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001D000
fffff800`83530000 fffff800`8354c000   dam.sys 
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0001C000
fffff800`80c50000 fffff800`80c5f000   klelam.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  0000F000
fffff800`81eb0000 fffff800`81ec1000   hwpolicy.sys
    Timestamp: unavailable (00000000)
    Checksum:  00000000
    ImageSize:  00011000
6: kd&gt; q
quit:

Private - Private paste aren't shown in recent listings.

Delete After - When should we delete your paste?

Spam protection -

Reply to "Untitled"