- Opened log file 'E:\Windows\msdart_crashanalyzer_kd_ansi.log'
- Microsoft (R) Windows Debugger Version 10.0.10240.9 AMD64
- Copyright (c) Microsoft Corporation. All rights reserved.
- Loading Dump File [E:\Windows\MEMORY.DMP]
- Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available.
- ************* Symbol Path validation summary **************
- Response Time (ms) Location
- Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols
- Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols
- Executable search path is:
- *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
- Windows 10 Kernel Version 19041 MP (8 procs) Free x64
- Product: WinNt, suite: TerminalServer SingleUserTS
- Built by: 19041.1.amd64fre.vb_release.191206-1406
- Machine Name:
- Kernel base = 0xfffff800`7be00000 PsLoadedModuleList = 0xfffff800`7ca2a310
- Debug session time: Mon Sep 20 03:12:30.931 2021 (UTC - 8:00)
- System Uptime: 0 days 6:10:01.548
- *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe -
- Loading Kernel Symbols
- ...............................................................
- .................Page 20001f64b too large to be in the dump file.
- ...............................................
- ................................................................
- ......
- Loading User Symbols
- Loading unloaded module list
- .....................
- ************* Symbol Loading Error Summary **************
- Module name Error
- ntkrnlmp The system cannot find the file specified
- You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
- You should also verify that your symbol search path (.sympath) is correct.
- No .natvis files found at X:\windows\system32\DebugTools\Visualizers.
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- Use !analyze -v to get detailed debugging information.
- BugCheck BE, {ffff900035b3a334, 8a00000005300021, ffffdc82017c6550, a}
- ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPCR ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KTHREAD ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- Probably caused by : ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!A371A2E91046000 )
- Followup: MachineOwner
- ---------
- 6: kd> .logclose
- Closing open log file E:\Windows\msdart_crashanalyzer_kd_ansi.log
- Opened log file 'E:\Windows\msdart_crashanalyzer_kd_unicode.log'
- 6: kd> !analyze -v
- *******************************************************************************
- * *
- * Bugcheck Analysis *
- * *
- *******************************************************************************
- ATTEMPTED_WRITE_TO_READONLY_MEMORY (be)
- An attempt was made to write to readonly memory. The guilty driver is on the
- stack trace (and is typically the current instruction pointer).
- When possible, the guilty driver's name (Unicode string) is printed on
- the bugcheck screen and saved in KiBugCheckDriver.
- Arguments:
- Arg1: ffff900035b3a334, Virtual address for the attempted write.
- Arg2: 8a00000005300021, PTE contents.
- Arg3: ffffdc82017c6550, (reserved)
- Arg4: 000000000000000a, (reserved)
- Debugging Details:
- ------------------
- ***** Kernel symbols are WRONG. Please fix symbols to do analysis.
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPCR ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KTHREAD ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_KPRCB ***
- *** ***
- *************************************************************************
- SYSTEM_SKU: To be filled by O.E.M.
- SYSTEM_VERSION: To be filled by O.E.M.
- BIOS_DATE: 03/18/2014
- BASEBOARD_PRODUCT: Z87X-UD3H-CF
- BASEBOARD_VERSION: x.x
- ADDITIONAL_DEBUG_TEXT:
- You can run '.symfix; .reload' to try to fix the symbol path and load symbols.
- WRONG_SYMBOLS_TIMESTAMP: a371a2e9
- WRONG_SYMBOLS_SIZE: 1046000
- FAULTING_MODULE: fffff8007be00000 nt
- DEBUG_FLR_IMAGE_TIMESTAMP: a371a2e9
- BUGCHECK_P1: ffff900035b3a334
- BUGCHECK_P2: 8a00000005300021
- BUGCHECK_P3: ffffdc82017c6550
- BUGCHECK_P4: a
- CPU_COUNT: 8
- CPU_MHZ: d48
- CPU_VENDOR: GenuineIntel
- CPU_FAMILY: 6
- CPU_MODEL: 3c
- CPU_STEPPING: 3
- CURRENT_IRQL: 0
- ANALYSIS_VERSION: 10.0.10240.9 amd64fre
- LAST_CONTROL_TRANSFER: from fffff8007c22f11a to fffff8007c1f3ea0
- STACK_TEXT:
- ffffdc82`017c6358 fffff800`7c22f11a : 00000000`000000be ffff9000`35b3a334 8a000000`05300021 ffffdc82`017c6550 : nt!KeBugCheckEx
- ffffdc82`017c6360 fffff800`7c0eec6f : 8a000000`05300021 00000000`00000003 ffffdc82`017c65d0 00000000`00000000 : nt!memset+0x2809a
- ffffdc82`017c63b0 fffff800`7c20205e : ffff9000`018cda70 fffff800`7c125b72 ffff9000`018cda70 00000000`00000000 : nt!SeAccessCheckWithHint+0x37ff
- ffffdc82`017c6550 fffff800`7c0f9d81 : 000000fa`00000040 ffffa307`e840ed00 ffffa307`efb15740 fffff800`7ca51bf0 : nt!setjmpex+0x446e
- ffffdc82`017c66e0 fffff800`7c1285ba : 00000000`00067b60 00000000`00000000 00000000`001fd9ba ffff9000`05f8d2e0 : nt!SeAccessCheckWithHint+0xe911
- ffffdc82`017c6770 fffff800`7c111095 : 00000000`00000000 00000000`00000000 00000000`00000011 80000001`00000001 : nt!RtlAvlRemoveNode+0x3e3a
- ffffdc82`017c67f0 fffff800`7c151f8e : ffffa307`f2a8e850 ffffdc82`017c6918 00000000`00000000 00000000`00000000 : nt!IoGetBaseFileSystemDeviceObject+0x1345
- ffffdc82`017c68b0 fffff800`7c4e793e : 00000000`00088089 00000000`00000000 fffff800`7ca50b80 00000000`00088089 : nt!IoApplyPriorityInfoThread+0x42e
- ffffdc82`017c6910 fffff800`7c17ad04 : ffffa307`00000001 ffffa307`efb15740 00000000`00000000 00000000`00000000 : nt!CcUnpinData+0x92e
- ffffdc82`017c6960 fffff800`7c322f8d : 00000000`00000001 00000000`00000000 ffffdc82`017c69e0 ffffdc82`017c69e8 : nt!ExRegisterCallback+0x1e4
- ffffdc82`017c6990 fffff800`7c2a793b : 00000000`00000000 ffffa307`efb15740 fffff800`7ca51228 fffff800`7ca51290 : nt!KeStallWhileFrozen+0xb29d
- ffffdc82`017c69e0 fffff800`7c066dd5 : ffffa307`dafa1040 ffffa307`dafa1040 00000000`00000080 fffff800`7c1b8670 : nt!memset+0xa08bb
- ffffdc82`017c6c10 fffff800`7c1fb4f8 : ffffca80`8f1d2180 ffffa307`dafa1040 fffff800`7c066d80 00000000`00000000 : nt!RtlEndEnumerationHashTable+0x905
- ffffdc82`017c6c60 00000000`00000000 : ffffdc82`017c7000 ffffdc82`017c1000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x6438
- STACK_COMMAND: kb
- FOLLOWUP_IP:
- nt!SeAccessCheckWithHint+37ff
- fffff800`7c0eec6f e90ffeffff jmp nt!SeAccessCheckWithHint+0x3613 (fffff800`7c0eea83)
- SYMBOL_STACK_INDEX: 2
- FOLLOWUP_NAME: MachineOwner
- BUGCHECK_STR: A371A2E9
- EXCEPTION_CODE: (HRESULT) 0xa371a2e9 (2742133481) - <Unable to get error code text>
- FAILURE_EXCEPTION_CODE: A371A2E9
- EXCEPTION_STR: WRONG_SYMBOLS
- IMAGE_NAME: ntoskrnl.wrong.symbols.exe
- MODULE_NAME: nt_wrong_symbols
- SYMBOL_NAME: nt_wrong_symbols!A371A2E91046000
- BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441
- DEFAULT_BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441
- PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS
- FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441_A371A2E9_nt_wrong_symbols!A371A2E91046000
- ANALYSIS_SOURCE: KM
- FAILURE_ID_HASH_STRING: km:wrong_symbols_x64_19041.1.amd64fre.vb_release.191206-1406_timestamp_561122-154441_a371a2e9_nt_wrong_symbols!a371a2e91046000
- FAILURE_ID_HASH: {e49aa84d-2ad1-9204-635d-8eb9b164a458}
- Followup: MachineOwner
- ---------
- 6: kd> !thread
- *************************************************************************
- *** ***
- *** ***
- *** Either you specified an unqualified symbol, or your debugger ***
- *** doesn't have full symbol information. Unqualified symbol ***
- *** resolution is turned off by default. Please either specify a ***
- *** fully qualified symbol module!symbolname, or enable resolution ***
- *** of unqualified symbols by typing ".symopt- 100". Note that ***
- *** enabling unqualified symbol resolution with network symbol ***
- *** server shares in the symbol path may cause the debugger to ***
- *** appear to hang for long periods of time when an incorrect ***
- *** symbol name is typed or the network symbol server is down. ***
- *** ***
- *** For some commands to work properly, your symbol path ***
- *** must point to .pdb files that have full type information. ***
- *** ***
- *** Certain .pdb files (such as the public OS symbols) do not ***
- *** contain the required information. Contact the group that ***
- *** provided you with these symbols if you need this command to ***
- *** work. ***
- *** ***
- *** Type referenced: nt!_ETHREAD ***
- *** ***
- *************************************************************************
- ffffa307dafa1040: Unable to get thread contents
- 6: kd> lm kv
- start end module name
- ffff944c`38a60000 ffff944c`38afa000 win32k (deferred)
- Image path: \SystemRoot\System32\win32k.sys
- Image name: win32k.sys
- Timestamp: ***** Invalid (E87370BB)
- CheckSum: 0009C34C
- ImageSize: 0009A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- ffff944c`38cc0000 ffff944c`38fa2000 win32kbase (deferred)
- Image path: \SystemRoot\System32\win32kbase.sys
- Image name: win32kbase.sys
- Timestamp: ***** Invalid (883B3E7C)
- CheckSum: 002DB69F
- ImageSize: 002E2000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- ffff944c`39000000 ffff944c`39048000 cdd (deferred)
- Image path: \SystemRoot\System32\cdd.dll
- Image name: cdd.dll
- Timestamp: Mon Jan 22 05:06:28 1996 (31038BD4)
- CheckSum: 0004D704
- ImageSize: 00048000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- ffff944c`39c10000 ffff944c`39fc6000 win32kfull (deferred)
- Image path: \SystemRoot\System32\win32kfull.sys
- Image name: win32kfull.sys
- Timestamp: ***** Invalid (EBAA7588)
- CheckSum: 003A7C43
- ImageSize: 003B6000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7ac10000 fffff800`7ae9f000 mcupdate_GenuineIntel (deferred)
- Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll
- Image name: mcupdate_GenuineIntel.dll
- Timestamp: ***** Invalid (9FB1DE46)
- CheckSum: 0028C60B
- ImageSize: 0028F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7aea0000 fffff800`7aea6000 hal (deferred)
- Image path: hal.dll
- Image name: hal.dll
- Timestamp: Mon Jan 30 08:29:29 1984 (1A7BE8E9)
- CheckSum: 0000CE9F
- ImageSize: 00006000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7aeb0000 fffff800`7aebb000 kd (deferred)
- Image path: \SystemRoot\system32\kd.dll
- Image name: kd.dll
- Timestamp: ***** Invalid (FE185FA8)
- CheckSum: 00004EF6
- ImageSize: 0000B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7aec0000 fffff800`7aee7000 tm (deferred)
- Image path: \SystemRoot\System32\drivers\tm.sys
- Image name: tm.sys
- Timestamp: Thu Nov 24 15:38:59 2011 (4ECED593)
- CheckSum: 00029C42
- ImageSize: 00027000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7aef0000 fffff800`7af59000 CLFS (deferred)
- Image path: \SystemRoot\System32\drivers\CLFS.SYS
- Image name: CLFS.SYS
- Timestamp: Fri Dec 30 13:11:01 2005 (43B5A265)
- CheckSum: 0006BD72
- ImageSize: 00069000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7af60000 fffff800`7af7a000 PSHED (deferred)
- Image path: \SystemRoot\system32\PSHED.dll
- Image name: PSHED.dll
- Timestamp: Sun Aug 01 12:44:09 2010 (4C55DC99)
- CheckSum: 000201A9
- ImageSize: 0001A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7af80000 fffff800`7af8b000 BOOTVID (deferred)
- Image path: \SystemRoot\system32\BOOTVID.dll
- Image name: BOOTVID.dll
- Timestamp: ***** Invalid (D13EE5B6)
- CheckSum: 00013A3C
- ImageSize: 0000B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7af90000 fffff800`7afff000 FLTMGR (deferred)
- Image path: \SystemRoot\System32\drivers\FLTMGR.SYS
- Image name: FLTMGR.SYS
- Timestamp: Mon May 03 20:30:30 1971 (02839B66)
- CheckSum: 00072E12
- ImageSize: 0006F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7b000000 fffff800`7b00e000 cmimcext (deferred)
- Image path: \SystemRoot\System32\drivers\cmimcext.sys
- Image name: cmimcext.sys
- Timestamp: ***** Invalid (94809681)
- CheckSum: 00010F8E
- ImageSize: 0000E000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7be00000 fffff800`7ce46000 nt (export symbols) ntkrnlmp.exe
- Loaded symbol image file: ntkrnlmp.exe
- Image path: ntkrnlmp.exe
- Image name: ntkrnlmp.exe
- Timestamp: ***** Invalid (A371A2E9)
- CheckSum: 00A611D3
- ImageSize: 01046000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`7eba0000 fffff800`7ebeb000 klupd_KLIF_klark (deferred)
- Image path: \SystemRoot\System32\Drivers\klupd_KLIF_klark.sys
- Image name: klupd_KLIF_klark.sys
- Timestamp: Wed Mar 24 02:58:59 2021 (605B1B73)
- CheckSum: 00054599
- ImageSize: 0004B000
- File version: 4.7.3.0
- Product version: 4.7.3.0
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Kaspersky Bases
- InternalName: klark
- OriginalFilename: klark.sys
- ProductVersion: 4.7.3.0
- FileVersion: 4.7.3.0
- FileDescription: Kaspersky Lab Anti-Rootkit
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`80600000 fffff800`80713000 clipsp (deferred)
- Image path: \SystemRoot\System32\drivers\clipsp.sys
- Image name: clipsp.sys
- Timestamp: Tue Sep 01 15:19:42 2020 (5F4ED70E)
- CheckSum: 0011953D
- ImageSize: 00113000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80720000 fffff800`80749000 ksecdd (deferred)
- Image path: \SystemRoot\System32\drivers\ksecdd.sys
- Image name: ksecdd.sys
- Timestamp: Fri Sep 25 14:37:08 2020 (5F6E7114)
- CheckSum: 0002AB02
- ImageSize: 00029000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80750000 fffff800`807b2000 msrpc (deferred)
- Image path: \SystemRoot\System32\drivers\msrpc.sys
- Image name: msrpc.sys
- Timestamp: ***** Invalid (BD46698A)
- CheckSum: 00062C96
- ImageSize: 00062000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`807c0000 fffff800`807d1000 werkernel (deferred)
- Image path: \SystemRoot\System32\drivers\werkernel.sys
- Image name: werkernel.sys
- Timestamp: Wed Oct 17 15:21:51 1984 (1BD4610F)
- CheckSum: 0000F1D5
- ImageSize: 00011000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`807e0000 fffff800`807ec000 ntosext (deferred)
- Image path: \SystemRoot\System32\drivers\ntosext.sys
- Image name: ntosext.sys
- Timestamp: Sun Jul 14 21:39:43 2030 (71DD3C9F)
- CheckSum: 00009677
- ImageSize: 0000C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`807f0000 fffff800`808d3000 CI (deferred)
- Image path: \SystemRoot\system32\CI.dll
- Image name: CI.dll
- Timestamp: ***** Invalid (8BECF5E0)
- CheckSum: 000E72BB
- ImageSize: 000E3000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`808e0000 fffff800`80997000 cng (deferred)
- Image path: \SystemRoot\System32\drivers\cng.sys
- Image name: cng.sys
- Timestamp: Tue May 30 08:27:56 1989 (2482C10C)
- CheckSum: 000B7883
- ImageSize: 000B7000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`809a0000 fffff800`80a71000 Wdf01000 (deferred)
- Image path: \SystemRoot\system32\drivers\Wdf01000.sys
- Image name: Wdf01000.sys
- Timestamp: ***** Invalid (A9A9D36E)
- CheckSum: 000D3980
- ImageSize: 000D1000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80a80000 fffff800`80a93000 WDFLDR (deferred)
- Image path: \SystemRoot\system32\drivers\WDFLDR.SYS
- Image name: WDFLDR.SYS
- Timestamp: ***** Invalid (977C0BBB)
- CheckSum: 00013DC3
- ImageSize: 00013000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80aa0000 fffff800`80aaf000 SleepStudyHelper (deferred)
- Image path: \SystemRoot\system32\drivers\SleepStudyHelper.sys
- Image name: SleepStudyHelper.sys
- Timestamp: Thu May 23 08:28:59 2024 (664F6ECB)
- CheckSum: 0000FC58
- ImageSize: 0000F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80ab0000 fffff800`80ac1000 WppRecorder (deferred)
- Image path: \SystemRoot\system32\drivers\WppRecorder.sys
- Image name: WppRecorder.sys
- Timestamp: Fri Mar 06 01:14:40 1981 (15060D00)
- CheckSum: 0001415E
- ImageSize: 00011000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80ad0000 fffff800`80af6000 acpiex (deferred)
- Image path: \SystemRoot\System32\Drivers\acpiex.sys
- Image name: acpiex.sys
- Timestamp: ***** Invalid (C8D60B44)
- CheckSum: 000302D2
- ImageSize: 00026000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80b00000 fffff800`80b4b000 mssecflt (deferred)
- Image path: \SystemRoot\system32\drivers\mssecflt.sys
- Image name: mssecflt.sys
- Timestamp: ***** Invalid (A0E0786E)
- CheckSum: 0004FC86
- ImageSize: 0004B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80b50000 fffff800`80b6a000 SgrmAgent (deferred)
- Image path: \SystemRoot\system32\drivers\SgrmAgent.sys
- Image name: SgrmAgent.sys
- Timestamp: ***** Invalid (A6474774)
- CheckSum: 0001E4FC
- ImageSize: 0001A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80b70000 fffff800`80c3c000 ACPI (deferred)
- Image path: \SystemRoot\System32\drivers\ACPI.sys
- Image name: ACPI.sys
- Timestamp: Thu Feb 10 11:30:37 1994 (2D5A8B5D)
- CheckSum: 000D341C
- ImageSize: 000CC000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80c40000 fffff800`80c4c000 WMILIB (deferred)
- Image path: \SystemRoot\System32\drivers\WMILIB.SYS
- Image name: WMILIB.SYS
- Timestamp: ***** Invalid (CD518505)
- CheckSum: 00009CB9
- ImageSize: 0000C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80c60000 fffff800`80ccb000 intelpep (deferred)
- Image path: \SystemRoot\System32\drivers\intelpep.sys
- Image name: intelpep.sys
- Timestamp: ***** Invalid (81D95014)
- CheckSum: 0007468F
- ImageSize: 0006B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80cd0000 fffff800`80ce7000 WindowsTrustedRT (deferred)
- Image path: \SystemRoot\system32\drivers\WindowsTrustedRT.sys
- Image name: WindowsTrustedRT.sys
- Timestamp: Sat May 19 00:53:30 2035 (7AF9978A)
- CheckSum: 0001BFFA
- ImageSize: 00017000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80cf0000 fffff800`80cfb000 IntelTA (deferred)
- Image path: \SystemRoot\System32\drivers\IntelTA.sys
- Image name: IntelTA.sys
- Timestamp: ***** Invalid (AFECFEC8)
- CheckSum: 00008349
- ImageSize: 0000B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80d00000 fffff800`80d0b000 WindowsTrustedRTProxy (deferred)
- Image path: \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
- Image name: WindowsTrustedRTProxy.sys
- Timestamp: ***** Invalid (AA5F5790)
- CheckSum: 00007869
- ImageSize: 0000B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80d10000 fffff800`80d24000 pcw (deferred)
- Image path: \SystemRoot\System32\drivers\pcw.sys
- Image name: pcw.sys
- Timestamp: ***** Invalid (D212A83E)
- CheckSum: 000163F7
- ImageSize: 00014000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80d30000 fffff800`80d70000 klupd_klif_arkmon (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klupd_klif_arkmon.sys
- Image name: klupd_klif_arkmon.sys
- Timestamp: Wed Mar 24 02:36:11 2021 (605B161B)
- CheckSum: 00043547
- ImageSize: 00040000
- File version: 2.7.4.0
- Product version: 2.7.4.0
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Kaspersky Bases
- InternalName: arkmon
- OriginalFilename: arkmon.sys
- ProductVersion: 2.7.4.0
- FileVersion: 2.7.4.0
- FileDescription: Kaspersky Lab Anti-Rootkit Monitor Driver
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`80d80000 fffff800`80d8b000 msisadrv (deferred)
- Image path: \SystemRoot\System32\drivers\msisadrv.sys
- Image name: msisadrv.sys
- Timestamp: ***** Invalid (D84D625E)
- CheckSum: 0000B688
- ImageSize: 0000B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80d90000 fffff800`80da5000 vdrvroot (deferred)
- Image path: \SystemRoot\System32\drivers\vdrvroot.sys
- Image name: vdrvroot.sys
- Timestamp: ***** Invalid (E613EBA7)
- CheckSum: 000184EC
- ImageSize: 00015000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80db0000 fffff800`80ddf000 pdc (deferred)
- Image path: \SystemRoot\system32\drivers\pdc.sys
- Image name: pdc.sys
- Timestamp: Sat May 26 23:23:12 1984 (1B16F9E0)
- CheckSum: 000324F1
- ImageSize: 0002F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80de0000 fffff800`80df9000 CEA (deferred)
- Image path: \SystemRoot\system32\drivers\CEA.sys
- Image name: CEA.sys
- Timestamp: Thu Jun 10 08:40:49 2032 (75736B91)
- CheckSum: 00022BC5
- ImageSize: 00019000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80e00000 fffff800`80e78000 pci (deferred)
- Image path: \SystemRoot\System32\drivers\pci.sys
- Image name: pci.sys
- Timestamp: Wed Jul 29 03:09:24 2037 (7F1B0A64)
- CheckSum: 0007F6EF
- ImageSize: 00078000
- File version: 10.0.19041.488
- Product version: 10.0.19041.488
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: pci.sys
- OriginalFilename: pci.sys
- ProductVersion: 10.0.19041.488
- FileVersion: 10.0.19041.488 (WinBuild.160101.0800)
- FileDescription: NT Plug and Play PCI Enumerator
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`80e80000 fffff800`80eb1000 partmgr (deferred)
- Image path: \SystemRoot\System32\drivers\partmgr.sys
- Image name: partmgr.sys
- Timestamp: Sat Aug 06 18:26:06 2016 (57A69C3E)
- CheckSum: 0002D745
- ImageSize: 00031000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80ec0000 fffff800`80f6a000 spaceport (deferred)
- Image path: \SystemRoot\System32\drivers\spaceport.sys
- Image name: spaceport.sys
- Timestamp: ***** Invalid (ABAEDF84)
- CheckSum: 000B3A4F
- ImageSize: 000AA000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80f70000 fffff800`80f89000 volmgr (deferred)
- Image path: \SystemRoot\System32\drivers\volmgr.sys
- Image name: volmgr.sys
- Timestamp: Thu Nov 20 06:06:06 2025 (691F204E)
- CheckSum: 00021FF2
- ImageSize: 00019000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`80f90000 fffff800`80ff3000 volmgrx (deferred)
- Image path: \SystemRoot\System32\drivers\volmgrx.sys
- Image name: volmgrx.sys
- Timestamp: Fri Nov 29 10:04:07 2013 (5298D717)
- CheckSum: 0006AB53
- ImageSize: 00063000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81000000 fffff800`8101e000 mountmgr (deferred)
- Image path: \SystemRoot\System32\drivers\mountmgr.sys
- Image name: mountmgr.sys
- Timestamp: Fri May 11 14:20:58 2029 (6FA7424A)
- CheckSum: 00024BD0
- ImageSize: 0001E000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81020000 fffff800`810b5000 mvs91xx (deferred)
- Image path: \SystemRoot\System32\drivers\mvs91xx.sys
- Image name: mvs91xx.sys
- Timestamp: Tue Jan 19 21:47:12 2016 (569F1F60)
- CheckSum: 000577B0
- ImageSize: 00095000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`810c0000 fffff800`81170000 storport (deferred)
- Image path: \SystemRoot\System32\drivers\storport.sys
- Image name: storport.sys
- Timestamp: ***** Invalid (8566CB6A)
- CheckSum: 000B9B99
- ImageSize: 000B0000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81180000 fffff800`81188000 mvxxmm (deferred)
- Image path: \SystemRoot\System32\drivers\mvxxmm.sys
- Image name: mvxxmm.sys
- Timestamp: Tue Jan 19 21:46:43 2016 (569F1F43)
- CheckSum: 0000BA29
- ImageSize: 00008000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81190000 fffff800`812bf000 iaStorE (deferred)
- Image path: \SystemRoot\System32\drivers\iaStorE.sys
- Image name: iaStorE.sys
- Timestamp: Mon Jan 13 13:05:06 2020 (5E1CDB82)
- CheckSum: 00110008
- ImageSize: 0012F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`812e0000 fffff800`812fa000 fileinfo (deferred)
- Image path: \SystemRoot\System32\drivers\fileinfo.sys
- Image name: fileinfo.sys
- Timestamp: ***** Invalid (AEE275C2)
- CheckSum: 0002169B
- ImageSize: 0001A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81300000 fffff800`81340000 Wof (deferred)
- Image path: \SystemRoot\System32\Drivers\Wof.sys
- Image name: Wof.sys
- Timestamp: ***** Invalid (97F984C4)
- CheckSum: 0003D008
- ImageSize: 00040000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81350000 fffff800`81629000 Ntfs (deferred)
- Image path: \SystemRoot\System32\Drivers\Ntfs.sys
- Image name: Ntfs.sys
- Timestamp: Sun Dec 21 22:54:01 1997 (349E0E89)
- CheckSum: 002C1FB0
- ImageSize: 002D9000
- File version: 10.0.19041.508
- Product version: 10.0.19041.508
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: ntfs.sys
- OriginalFilename: ntfs.sys
- ProductVersion: 10.0.19041.508
- FileVersion: 10.0.19041.508 (WinBuild.160101.0800)
- FileDescription: NT File System Driver
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`81630000 fffff800`8163d000 Fs_Rec (deferred)
- Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys
- Image name: Fs_Rec.sys
- Timestamp: ***** Invalid (B9E5C55C)
- CheckSum: 00017B4B
- ImageSize: 0000D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81640000 fffff800`817af000 ndis (deferred)
- Image path: \SystemRoot\system32\drivers\ndis.sys
- Image name: ndis.sys
- Timestamp: ***** Invalid (A3B0E6FE)
- CheckSum: 0016EB12
- ImageSize: 0016F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`817b0000 fffff800`81848000 NETIO (deferred)
- Image path: \SystemRoot\system32\drivers\NETIO.SYS
- Image name: NETIO.SYS
- Timestamp: Wed Jul 22 02:46:16 2015 (55AF7478)
- CheckSum: 000A160A
- ImageSize: 00098000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81850000 fffff800`81882000 ksecpkg (deferred)
- Image path: \SystemRoot\System32\Drivers\ksecpkg.sys
- Image name: ksecpkg.sys
- Timestamp: ***** Invalid (EB0A8339)
- CheckSum: 0002E880
- ImageSize: 00032000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81890000 fffff800`81b7c000 tcpip (deferred)
- Image path: \SystemRoot\System32\drivers\tcpip.sys
- Image name: tcpip.sys
- Timestamp: ***** Invalid (9976B086)
- CheckSum: 002E509B
- ImageSize: 002EC000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81b80000 fffff800`81bff000 fwpkclnt (deferred)
- Image path: \SystemRoot\System32\drivers\fwpkclnt.sys
- Image name: fwpkclnt.sys
- Timestamp: Wed Dec 18 17:08:15 1985 (1E076A7F)
- CheckSum: 0007F498
- ImageSize: 0007F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81c00000 fffff800`81c30000 wfplwfs (deferred)
- Image path: \SystemRoot\System32\drivers\wfplwfs.sys
- Image name: wfplwfs.sys
- Timestamp: Mon Mar 31 19:31:38 1997 (3340819A)
- CheckSum: 00035119
- ImageSize: 00030000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81c40000 fffff800`81d09000 fvevol (deferred)
- Image path: \SystemRoot\System32\DRIVERS\fvevol.sys
- Image name: fvevol.sys
- Timestamp: Sat Nov 26 02:24:12 1994 (2ED70CCC)
- CheckSum: 000C5DEF
- ImageSize: 000C9000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81d10000 fffff800`81d1c000 apmwin (deferred)
- Image path: \SystemRoot\system32\DRIVERS\apmwin.sys
- Image name: apmwin.sys
- Timestamp: Wed Dec 28 01:12:34 2016 (58638202)
- CheckSum: 00012FAA
- ImageSize: 0000C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81d20000 fffff800`81d33000 gpt_loader (deferred)
- Image path: \SystemRoot\system32\DRIVERS\gpt_loader.sys
- Image name: gpt_loader.sys
- Timestamp: Wed Dec 28 01:12:24 2016 (586381F8)
- CheckSum: 00014F27
- ImageSize: 00013000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81d40000 fffff800`81d4f000 mounthlp (deferred)
- Image path: \SystemRoot\system32\DRIVERS\mounthlp.sys
- Image name: mounthlp.sys
- Timestamp: Wed Dec 28 01:12:27 2016 (586381FB)
- CheckSum: 0000FBFA
- ImageSize: 0000F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81d50000 fffff800`81d5b000 volume (deferred)
- Image path: \SystemRoot\System32\drivers\volume.sys
- Image name: volume.sys
- Timestamp: ***** Invalid (83CF10C9)
- CheckSum: 000083D7
- ImageSize: 0000B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81d60000 fffff800`81dcd000 volsnap (deferred)
- Image path: \SystemRoot\System32\drivers\volsnap.sys
- Image name: volsnap.sys
- Timestamp: ***** Invalid (8AFD80F6)
- CheckSum: 00077353
- ImageSize: 0006D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81dd0000 fffff800`81e20000 rdyboost (deferred)
- Image path: \SystemRoot\System32\drivers\rdyboost.sys
- Image name: rdyboost.sys
- Timestamp: Fri Feb 25 08:44:32 2033 (76CA3270)
- CheckSum: 00048E48
- ImageSize: 00050000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81e30000 fffff800`81e56000 mup (deferred)
- Image path: \SystemRoot\System32\Drivers\mup.sys
- Image name: mup.sys
- Timestamp: ***** Invalid (FB1EDB95)
- CheckSum: 0002B433
- ImageSize: 00026000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81e60000 fffff800`81e79000 klupd_KLIF_klbg (deferred)
- Image path: \SystemRoot\System32\Drivers\klupd_KLIF_klbg.sys
- Image name: klupd_KLIF_klbg.sys
- Timestamp: Wed Mar 24 02:58:58 2021 (605B1B72)
- CheckSum: 000257EF
- ImageSize: 00019000
- File version: 11.7.3.0
- Product version: 11.7.3.0
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Kaspersky Bases
- InternalName: klbg
- OriginalFilename: klbg.sys
- ProductVersion: 11.7.3.0
- FileVersion: 11.7.3.0
- FileDescription: Kaspersky Lab Boot Guard Driver
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`81e80000 fffff800`81e92000 iorate (deferred)
- Image path: \SystemRoot\system32\drivers\iorate.sys
- Image name: iorate.sys
- Timestamp: ***** Invalid (94A693A6)
- CheckSum: 0001BF87
- ImageSize: 00012000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81ea0000 fffff800`81eab000 iaStorF (deferred)
- Image path: \SystemRoot\System32\drivers\iaStorF.sys
- Image name: iaStorF.sys
- Timestamp: Fri Nov 24 02:31:28 2017 (5A17F500)
- CheckSum: 00016CC4
- ImageSize: 0000B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81ed0000 fffff800`81eec000 disk (deferred)
- Image path: \SystemRoot\System32\drivers\disk.sys
- Image name: disk.sys
- Timestamp: Tue Feb 01 17:11:22 1994 (2D4EFDBA)
- CheckSum: 00020B81
- ImageSize: 0001C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`81ef0000 fffff800`81f5c000 CLASSPNP (deferred)
- Image path: \SystemRoot\System32\drivers\CLASSPNP.SYS
- Image name: CLASSPNP.SYS
- Timestamp: Tue Jun 30 09:16:26 1981 (159F6BEA)
- CheckSum: 0006AD87
- ImageSize: 0006C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82400000 fffff800`824d6000 peauth (deferred)
- Image path: \SystemRoot\system32\drivers\peauth.sys
- Image name: peauth.sys
- Timestamp: Thu Jun 30 12:25:54 1977 (0E1978D2)
- CheckSum: 000CAE00
- ImageSize: 000D6000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`824e0000 fffff800`824fc000 rassstp (deferred)
- Image path: \SystemRoot\System32\drivers\rassstp.sys
- Image name: rassstp.sys
- Timestamp: Fri Feb 01 21:39:06 2002 (3C5B7B7A)
- CheckSum: 0001D4E6
- ImageSize: 0001C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82500000 fffff800`8251d000 NDProxy (deferred)
- Image path: \SystemRoot\System32\DRIVERS\NDProxy.sys
- Image name: NDProxy.sys
- Timestamp: ***** Invalid (D564EC29)
- CheckSum: 00022253
- ImageSize: 0001D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82520000 fffff800`82547000 AgileVpn (deferred)
- Image path: \SystemRoot\System32\drivers\AgileVpn.sys
- Image name: AgileVpn.sys
- Timestamp: ***** Invalid (F4378452)
- CheckSum: 00023624
- ImageSize: 00027000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82550000 fffff800`82568000 uaspstor (deferred)
- Image path: \SystemRoot\System32\drivers\uaspstor.sys
- Image name: uaspstor.sys
- Timestamp: Thu Jun 24 20:11:29 2004 (40DBA5F1)
- CheckSum: 0001535A
- ImageSize: 00018000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82570000 fffff800`82589000 klbackupdisk (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys
- Image name: klbackupdisk.sys
- Timestamp: Mon Jan 25 08:51:07 2021 (600EF6FB)
- CheckSum: 00029377
- ImageSize: 00019000
- File version: 30.587.0.170
- Product version: 30.587.0.170
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klbackupdisk
- ProductVersion: 30.587.0.170-e30f0c58d6
- FileVersion: 30.587.0.170
- FileDescription: Backup Disk Filter [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`82590000 fffff800`825c0000 cdrom (deferred)
- Image path: \SystemRoot\System32\drivers\cdrom.sys
- Image name: cdrom.sys
- Timestamp: ***** Invalid (D4B31131)
- CheckSum: 000346A0
- ImageSize: 00030000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`825d0000 fffff800`8265a000 klflt (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klflt.sys
- Image name: klflt.sys
- Timestamp: Fri Feb 19 05:50:35 2021 (602FC22B)
- CheckSum: 00088DDE
- ImageSize: 0008A000
- File version: 30.587.0.1070
- Product version: 30.587.0.1070
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klflt
- ProductVersion: 30.587.0.1070-a81ac642e3
- FileVersion: 30.587.0.1070
- FileDescription: Filter Core [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`82660000 fffff800`82691000 klbackupflt (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys
- Image name: klbackupflt.sys
- Timestamp: Fri Feb 05 16:46:23 2021 (601DE6DF)
- CheckSum: 00037AFC
- ImageSize: 00031000
- File version: 30.587.0.810
- Product version: 30.587.0.810
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klbackupflt
- ProductVersion: 30.587.0.810-636fda9fe5
- FileVersion: 30.587.0.810
- FileDescription: Backup File Filter [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`826a0000 fffff800`826b5000 filecrypt (deferred)
- Image path: \SystemRoot\system32\drivers\filecrypt.sys
- Image name: filecrypt.sys
- Timestamp: Fri Mar 01 03:12:42 2002 (3C7F622A)
- CheckSum: 0000FEC3
- ImageSize: 00015000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`826c0000 fffff800`826ce000 tbs (deferred)
- Image path: \SystemRoot\system32\drivers\tbs.sys
- Image name: tbs.sys
- Timestamp: ***** Invalid (BBC1ED87)
- CheckSum: 00011119
- ImageSize: 0000E000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`826d0000 fffff800`827d9000 klif (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klif.sys
- Image name: klif.sys
- Timestamp: Fri Feb 19 05:51:17 2021 (602FC255)
- CheckSum: 0010D1EF
- ImageSize: 00109000
- File version: 30.587.0.1070
- Product version: 30.587.0.1070
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klif
- ProductVersion: 30.587.0.1070-a81ac642e3
- FileVersion: 30.587.0.1070
- FileDescription: Core System Interceptors [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`827e0000 fffff800`82856000 ks (deferred)
- Image path: \SystemRoot\system32\DRIVERS\ks.sys
- Image name: ks.sys
- Timestamp: ***** Invalid (F812DE3F)
- CheckSum: 000751CB
- ImageSize: 00076000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82860000 fffff800`829df000 klhk (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klhk.sys
- Image name: klhk.sys
- Timestamp: Mon Jan 25 08:51:13 2021 (600EF701)
- CheckSum: 0015F58F
- ImageSize: 0017F000
- File version: 30.587.0.170
- Product version: 30.587.0.170
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klhk
- ProductVersion: 30.587.0.170-e30f0c58d6
- FileVersion: 30.587.0.170
- FileDescription: klhk [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`829e0000 fffff800`82a0b000 pacer (deferred)
- Image path: \SystemRoot\System32\drivers\pacer.sys
- Image name: pacer.sys
- Timestamp: ***** Invalid (FECCC466)
- CheckSum: 0003603B
- ImageSize: 0002B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82a40000 fffff800`82a5e000 crashdmp (deferred)
- Image path: \SystemRoot\System32\Drivers\crashdmp.sys
- Image name: crashdmp.sys
- Timestamp: ***** Invalid (9A19AF81)
- CheckSum: 0002129E
- ImageSize: 0001E000
- File version: 10.0.19041.1
- Product version: 10.0.19041.1
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: crashdmp.sys
- OriginalFilename: crashdmp.sys
- ProductVersion: 10.0.19041.1
- FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
- FileDescription: Crash Dump Driver
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`82ae0000 fffff800`82b1a000 ndiswan (deferred)
- Image path: \SystemRoot\System32\drivers\ndiswan.sys
- Image name: ndiswan.sys
- Timestamp: ***** Invalid (88F100F4)
- CheckSum: 0003FFCA
- ImageSize: 0003A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82b20000 fffff800`82b57000 klupd_KLIF_mark (deferred)
- Image path: \SystemRoot\System32\Drivers\klupd_KLIF_mark.sys
- Image name: klupd_KLIF_mark.sys
- Timestamp: Wed Mar 24 02:34:52 2021 (605B15CC)
- CheckSum: 0003EA59
- ImageSize: 00037000
- File version: 6.6.3.0
- Product version: 6.6.3.0
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Kaspersky Bases
- InternalName: mark
- OriginalFilename: mark.sys
- ProductVersion: 6.6.3.0
- FileVersion: 6.6.3.0
- FileDescription: Kaspersky Lab Anti-Rootkit Memory Driver
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`82b60000 fffff800`82b9c000 klupd_KLIF_swmon (deferred)
- Image path: \SystemRoot\System32\Drivers\klupd_KLIF_swmon.sys
- Image name: klupd_KLIF_swmon.sys
- Timestamp: Thu Aug 19 08:36:35 2021 (611E8893)
- CheckSum: 00047C85
- ImageSize: 0003C000
- File version: 1.12.5.0
- Product version: 1.12.5.0
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Kaspersky Bases
- InternalName: swmon
- OriginalFilename: swmon.sys
- ProductVersion: 1.12.5.0
- FileVersion: 1.12.5.0
- FileDescription: Kaspersky Lab System Watcher Monitor Driver
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`82bb0000 fffff800`82bc4000 ndiscap (deferred)
- Image path: \SystemRoot\System32\drivers\ndiscap.sys
- Image name: ndiscap.sys
- Timestamp: ***** Invalid (DCEEC70E)
- CheckSum: 0001C38B
- ImageSize: 00014000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82bd0000 fffff800`82be4000 netbios (deferred)
- Image path: \SystemRoot\system32\drivers\netbios.sys
- Image name: netbios.sys
- Timestamp: Fri Nov 12 13:10:06 2021 (618ED82E)
- CheckSum: 0001A9AF
- ImageSize: 00014000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82c00000 fffff800`82fa4000 dxgkrnl (deferred)
- Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
- Image name: dxgkrnl.sys
- Timestamp: ***** Invalid (B20216B8)
- CheckSum: 0039F5F1
- ImageSize: 003A4000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82fb0000 fffff800`82fc8000 watchdog (deferred)
- Image path: \SystemRoot\System32\drivers\watchdog.sys
- Image name: watchdog.sys
- Timestamp: Fri Jun 16 16:44:59 2006 (4493508B)
- CheckSum: 000222BD
- ImageSize: 00018000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82fd0000 fffff800`82fe6000 BasicDisplay (deferred)
- Image path: \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_62ba5773ba05edee\BasicDisplay.sys
- Image name: BasicDisplay.sys
- Timestamp: ***** Invalid (A2092B45)
- CheckSum: 0001C212
- ImageSize: 00016000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`82ff0000 fffff800`83001000 BasicRender (deferred)
- Image path: \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_49a8589f00d970d9\BasicRender.sys
- Image name: BasicRender.sys
- Timestamp: ***** Invalid (EE8C9717)
- CheckSum: 00016443
- ImageSize: 00011000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83010000 fffff800`83017000 DamewareMini (deferred)
- Image path: \SystemRoot\System32\drivers\DamewareMini.sys
- Image name: DamewareMini.sys
- Timestamp: Sun Mar 16 10:42:28 2008 (47DD6A14)
- CheckSum: 0000921C
- ImageSize: 00007000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83020000 fffff800`83035000 VIDEOPRT (deferred)
- Image path: \SystemRoot\System32\drivers\VIDEOPRT.SYS
- Image name: VIDEOPRT.SYS
- Timestamp: Thu Jan 18 03:16:03 1979 (11047A73)
- CheckSum: 000159DE
- ImageSize: 00015000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83040000 fffff800`8305c000 Npfs (deferred)
- Image path: \SystemRoot\System32\Drivers\Npfs.SYS
- Image name: Npfs.SYS
- Timestamp: ***** Invalid (9E3E4C73)
- CheckSum: 000192F7
- ImageSize: 0001C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83060000 fffff800`83071000 Msfs (deferred)
- Image path: \SystemRoot\System32\Drivers\Msfs.SYS
- Image name: Msfs.SYS
- Timestamp: ***** Invalid (95155DF1)
- CheckSum: 0001A9B5
- ImageSize: 00011000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83080000 fffff800`8309b000 CimFS (deferred)
- Image path: \SystemRoot\System32\Drivers\CimFS.SYS
- Image name: CimFS.SYS
- Timestamp: Sun Nov 15 00:49:44 2037 (7FAA9D28)
- CheckSum: 00018CE5
- ImageSize: 0001B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`830a0000 fffff800`830c4000 klwfp (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klwfp.sys
- Image name: klwfp.sys
- Timestamp: ***** Invalid (EB577675)
- CheckSum: 0002CDC2
- ImageSize: 00024000
- File version: 30.587.0.170
- Product version: 30.587.0.170
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klwfp
- ProductVersion: 30.587.0.170-e30f0c58d6
- FileVersion: 30.587.0.170
- FileDescription: WFP Network Filter [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`830d0000 fffff800`830f2000 tdx (deferred)
- Image path: \SystemRoot\system32\DRIVERS\tdx.sys
- Image name: tdx.sys
- Timestamp: Thu Oct 03 22:47:28 1991 (28EC0E80)
- CheckSum: 000273F3
- ImageSize: 00022000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83100000 fffff800`83110000 TDI (deferred)
- Image path: \SystemRoot\system32\DRIVERS\TDI.SYS
- Image name: TDI.SYS
- Timestamp: ***** Invalid (D1AD2BD4)
- CheckSum: 0000D19A
- ImageSize: 00010000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83120000 fffff800`83135000 klim6 (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klim6.sys
- Image name: klim6.sys
- Timestamp: ***** Invalid (D15AC501)
- CheckSum: 0002025E
- ImageSize: 00015000
- File version: 30.587.0.930
- Product version: 30.587.0.930
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klim6
- ProductVersion: 30.587.0.930-ef5965511c
- FileVersion: 30.587.0.930
- FileDescription: Packet Network Filter [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`83140000 fffff800`8315a000 vwififlt (deferred)
- Image path: \SystemRoot\System32\drivers\vwififlt.sys
- Image name: vwififlt.sys
- Timestamp: Wed Jan 06 23:07:33 2010 (4B458835)
- CheckSum: 0001814D
- ImageSize: 0001A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83170000 fffff800`83212000 klgse (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klgse.sys
- Image name: klgse.sys
- Timestamp: Mon Feb 08 07:51:31 2021 (60215E03)
- CheckSum: 000A7591
- ImageSize: 000A2000
- File version: 30.587.0.830
- Product version: 30.587.0.830
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klgse
- ProductVersion: 30.587.0.830-2713fb5b5d
- FileVersion: 30.587.0.830
- FileDescription: Security Extender [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`83220000 fffff800`83232000 klpd (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klpd.sys
- Image name: klpd.sys
- Timestamp: Mon Jan 25 08:51:07 2021 (600EF6FB)
- CheckSum: 0001F6D9
- ImageSize: 00012000
- File version: 30.587.0.170
- Product version: 30.587.0.170
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klpd
- ProductVersion: 30.587.0.170-e30f0c58d6
- FileVersion: 30.587.0.170
- FileDescription: Format Recognizer [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- Page 20001f64b too large to be in the dump file.
- fffff800`83240000 fffff800`8324a000 Null (deferred)
- Image path: \SystemRoot\System32\Drivers\Null.SYS
- Image name: Null.SYS
- Page 20001f64b too large to be in the dump file.
- Timestamp: unavailable (FFFFFFFE)
- CheckSum: missing
- ImageSize: 0000A000
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- Page 20001f64b too large to be in the dump file.
- fffff800`83250000 fffff800`8325a000 Beep (deferred)
- Image path: \SystemRoot\System32\Drivers\Beep.SYS
- Image name: Beep.SYS
- Timestamp: ***** Invalid (E4AC8238)
- CheckSum: 00008685
- ImageSize: 0000A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83260000 fffff800`8326d000 dwvkbd64 (deferred)
- Image path: \SystemRoot\system32\DRIVERS\dwvkbd64.sys
- Image name: dwvkbd64.sys
- Timestamp: Wed Apr 11 13:22:37 2007 (461D519D)
- CheckSum: 0000A755
- ImageSize: 0000D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83270000 fffff800`832cc000 netbt (deferred)
- Image path: \SystemRoot\System32\DRIVERS\netbt.sys
- Image name: netbt.sys
- Timestamp: ***** Invalid (8908830E)
- CheckSum: 000553BD
- ImageSize: 0005C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`832d0000 fffff800`832e3000 afunix (deferred)
- Image path: \SystemRoot\system32\drivers\afunix.sys
- Image name: afunix.sys
- Timestamp: ***** Invalid (9501F0D8)
- CheckSum: 00018987
- ImageSize: 00013000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`832f0000 fffff800`83393000 afd (deferred)
- Image path: \SystemRoot\system32\drivers\afd.sys
- Image name: afd.sys
- Timestamp: ***** Invalid (CC0C9B73)
- CheckSum: 000A334A
- ImageSize: 000A3000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`833a0000 fffff800`833eb000 klwtp (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klwtp.sys
- Image name: klwtp.sys
- Timestamp: ***** Invalid (F54B0C36)
- CheckSum: 0005B951
- ImageSize: 0004B000
- File version: 30.587.0.590
- Product version: 30.587.0.590
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klwtp
- ProductVersion: 30.587.0.590-5f439758d8
- FileVersion: 30.587.0.590
- FileDescription: WFP Network Connection Filter Driver [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`83400000 fffff800`83412000 nsiproxy (deferred)
- Image path: \SystemRoot\system32\drivers\nsiproxy.sys
- Image name: nsiproxy.sys
- Timestamp: ***** Invalid (E65AB811)
- CheckSum: 0001515A
- ImageSize: 00012000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83420000 fffff800`8342e000 npsvctrig (deferred)
- Image path: \SystemRoot\System32\drivers\npsvctrig.sys
- Image name: npsvctrig.sys
- Timestamp: Sun Jan 05 18:41:12 2025 (677B42C8)
- CheckSum: 000119D3
- ImageSize: 0000E000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83430000 fffff800`83440000 mssmbios (deferred)
- Image path: \SystemRoot\System32\drivers\mssmbios.sys
- Image name: mssmbios.sys
- Timestamp: Thu Mar 17 08:26:02 2022 (6233611A)
- CheckSum: 0000DD1D
- ImageSize: 00010000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83450000 fffff800`83499000 kneps (deferred)
- Image path: \SystemRoot\system32\DRIVERS\kneps.sys
- Image name: kneps.sys
- Timestamp: ***** Invalid (CEAE8F0E)
- CheckSum: 00049AF2
- ImageSize: 00049000
- File version: 30.587.0.460
- Product version: 30.587.0.460
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: kneps
- ProductVersion: 30.587.0.460-f74872ca72
- FileVersion: 30.587.0.460
- FileDescription: Network Processor [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`834f0000 fffff800`834fa000 gpuenergydrv (deferred)
- Image path: \SystemRoot\System32\drivers\gpuenergydrv.sys
- Image name: gpuenergydrv.sys
- Timestamp: ***** Invalid (F10C03D8)
- CheckSum: 00009EA6
- ImageSize: 0000A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83500000 fffff800`8352c000 dfsc (deferred)
- Image path: \SystemRoot\System32\Drivers\dfsc.sys
- Image name: dfsc.sys
- Timestamp: ***** Invalid (F5D01020)
- CheckSum: 00031317
- ImageSize: 0002C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83530000 fffff800`83545000 tcpipreg (deferred)
- Image path: \SystemRoot\System32\drivers\tcpipreg.sys
- Image name: tcpipreg.sys
- Timestamp: Fri May 11 20:43:31 1973 (0651E2F3)
- CheckSum: 0001BF67
- ImageSize: 00015000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83550000 fffff800`83567000 bam (deferred)
- Image path: \SystemRoot\system32\drivers\bam.sys
- Image name: bam.sys
- Timestamp: Fri Mar 26 23:41:44 2010 (4BADB6B8)
- CheckSum: 00019328
- ImageSize: 00017000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83570000 fffff800`835be000 ahcache (deferred)
- Image path: \SystemRoot\system32\DRIVERS\ahcache.sys
- Image name: ahcache.sys
- Timestamp: Tue Mar 26 11:33:15 2019 (5C9A7E7B)
- CheckSum: 00052E71
- ImageSize: 0004E000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`835c0000 fffff800`835d4000 kbdclass (deferred)
- Image path: \SystemRoot\System32\drivers\kbdclass.sys
- Image name: kbdclass.sys
- Timestamp: Mon Mar 25 01:20:10 1996 (3156654A)
- CheckSum: 0001CE1A
- ImageSize: 00014000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`835e0000 fffff800`835f2000 CompositeBus (deferred)
- Image path: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys
- Image name: CompositeBus.sys
- Timestamp: Wed Oct 28 00:32:02 2026 (6AE1B302)
- CheckSum: 00015BD2
- ImageSize: 00012000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83600000 fffff800`8360d000 kdnic (deferred)
- Image path: \SystemRoot\System32\drivers\kdnic.sys
- Image name: kdnic.sys
- Timestamp: ***** Invalid (9401D3B8)
- CheckSum: 000178DD
- ImageSize: 0000D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83610000 fffff800`83625000 umbus (deferred)
- Image path: \SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys
- Image name: umbus.sys
- Timestamp: ***** Invalid (E7B4847E)
- CheckSum: 0001394F
- ImageSize: 00015000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83630000 fffff800`8375f000 dump_iaStorE (deferred)
- Image path: \SystemRoot\System32\drivers\dump_iaStorE.sys
- Image name: dump_iaStorE.sys
- Timestamp: Mon Jan 13 13:05:06 2020 (5E1CDB82)
- CheckSum: 00110008
- ImageSize: 0012F000
- File version: 6.3.0.1022
- Product version: 6.3.0.1022
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Intel Corporation
- ProductName: Intel Virtual RAID on CPUdriver
- InternalName: iaStor.sys
- OriginalFilename: iaStor.sys
- ProductVersion: 6.3.0.1022
- FileVersion: 6.3.0.1022
- PrivateBuild: 6.3.0.1022
- SpecialBuild: 6.3.0.1022
- FileDescription: Intel Virtual RAID on CPUdriver - x64
- LegalCopyright: Copyright(C) Intel Corporation 1994-2019
- LegalTrademarks: Copyright(C) Intel Corporation 1994-2019
- Comments: -x64
- fffff800`83760000 fffff800`83841000 dxgmms2 (deferred)
- Image path: \SystemRoot\System32\drivers\dxgmms2.sys
- Image name: dxgmms2.sys
- Timestamp: Thu Apr 09 16:03:45 1970 (00828561)
- CheckSum: 000EB4C5
- ImageSize: 000E1000
- File version: 10.0.19041.508
- Product version: 10.0.19041.508
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: dxgmms2.sys
- OriginalFilename: dxgmms2.sys
- ProductVersion: 10.0.19041.508
- FileVersion: 10.0.19041.508 (WinBuild.160101.0800)
- FileDescription: DirectX Graphics MMS
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`83850000 fffff800`83886000 wcifs (deferred)
- Image path: \SystemRoot\system32\drivers\wcifs.sys
- Image name: wcifs.sys
- Timestamp: Sun Jan 31 18:32:49 2027 (6B5FEED1)
- CheckSum: 0004091A
- ImageSize: 00036000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83890000 fffff800`83910000 cldflt (deferred)
- Image path: \SystemRoot\system32\drivers\cldflt.sys
- Image name: cldflt.sys
- Timestamp: Thu Mar 20 15:36:50 2003 (3E7A5092)
- CheckSum: 0007EBD7
- ImageSize: 00080000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83920000 fffff800`83947000 tsusbhub (deferred)
- Image path: \SystemRoot\System32\drivers\tsusbhub.sys
- Image name: tsusbhub.sys
- Timestamp: Sun Dec 06 01:15:32 2020 (5FCCA134)
- CheckSum: 0002CCCD
- ImageSize: 00027000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83950000 fffff800`83977000 bindflt (deferred)
- Image path: \SystemRoot\system32\drivers\bindflt.sys
- Image name: bindflt.sys
- Timestamp: ***** Invalid (E3483DD4)
- CheckSum: 0002F4EE
- ImageSize: 00027000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83980000 fffff800`839a5000 bowser (deferred)
- Image path: \SystemRoot\system32\DRIVERS\bowser.sys
- Image name: bowser.sys
- Timestamp: ***** Invalid (EDAC6813)
- CheckSum: 00024E4F
- ImageSize: 00025000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`839b0000 fffff800`83a06000 msquic (deferred)
- Image path: \SystemRoot\system32\drivers\msquic.sys
- Image name: msquic.sys
- Timestamp: ***** Invalid (DE688303)
- CheckSum: 0005615F
- ImageSize: 00056000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83a10000 fffff800`83aa3000 mrxsmb (deferred)
- Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys
- Image name: mrxsmb.sys
- Timestamp: ***** Invalid (CDB159C0)
- CheckSum: 0008D9C7
- ImageSize: 00093000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83ab0000 fffff800`83af5000 mrxsmb20 (deferred)
- Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys
- Image name: mrxsmb20.sys
- Timestamp: ***** Invalid (C5AEA72C)
- CheckSum: 0004D662
- ImageSize: 00045000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83b00000 fffff800`83b13000 condrv (deferred)
- Image path: \SystemRoot\System32\drivers\condrv.sys
- Image name: condrv.sys
- Timestamp: ***** Invalid (B47B2254)
- CheckSum: 0001B87D
- ImageSize: 00013000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83b20000 fffff800`83b72000 srvnet (deferred)
- Image path: \SystemRoot\System32\DRIVERS\srvnet.sys
- Image name: srvnet.sys
- Timestamp: Sat Aug 04 03:40:17 2001 (3B6BDF21)
- CheckSum: 000539AC
- ImageSize: 00052000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83b80000 fffff800`83c47000 srv2 (deferred)
- Image path: \SystemRoot\System32\DRIVERS\srv2.sys
- Image name: srv2.sys
- Timestamp: ***** Invalid (EE8E2F4F)
- CheckSum: 000C31D2
- ImageSize: 000C7000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83c50000 fffff800`83c68000 lltdio (deferred)
- Image path: \SystemRoot\system32\drivers\lltdio.sys
- Image name: lltdio.sys
- Timestamp: ***** Invalid (D4D91B57)
- CheckSum: 00012B46
- ImageSize: 00018000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83c70000 fffff800`83c8b000 rspndr (deferred)
- Image path: \SystemRoot\system32\drivers\rspndr.sys
- Image name: rspndr.sys
- Timestamp: ***** Invalid (9E43BCCD)
- CheckSum: 000194E8
- ImageSize: 0001B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83c90000 fffff800`83cad000 wanarp (deferred)
- Image path: \SystemRoot\System32\DRIVERS\wanarp.sys
- Image name: wanarp.sys
- Timestamp: Wed Dec 08 07:58:18 1976 (0D0C481A)
- CheckSum: 0001B428
- ImageSize: 0001D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83cb0000 fffff800`83cca000 mpsdrv (deferred)
- Image path: \SystemRoot\System32\drivers\mpsdrv.sys
- Image name: mpsdrv.sys
- Timestamp: Thu Nov 03 06:07:36 1977 (0EBF3D28)
- CheckSum: 00019727
- ImageSize: 0001A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83cd0000 fffff800`83e56000 HTTP (deferred)
- Image path: \SystemRoot\system32\drivers\HTTP.sys
- Image name: HTTP.sys
- Timestamp: Sat Aug 09 12:01:22 2003 (3F355312)
- CheckSum: 0018B770
- ImageSize: 00186000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83e60000 fffff800`83e6f000 ndistapi (deferred)
- Image path: \SystemRoot\System32\DRIVERS\ndistapi.sys
- Image name: ndistapi.sys
- Timestamp: Mon Aug 10 20:11:42 1987 (211E997E)
- CheckSum: 0001530C
- ImageSize: 0000F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83e70000 fffff800`83e84000 mmcss (deferred)
- Image path: \SystemRoot\system32\drivers\mmcss.sys
- Image name: mmcss.sys
- Timestamp: ***** Invalid (A1F3B590)
- CheckSum: 000108D9
- ImageSize: 00014000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83e90000 fffff800`83ee2000 mrxsmb10 (deferred)
- Image path: \SystemRoot\system32\DRIVERS\mrxsmb10.sys
- Image name: mrxsmb10.sys
- Timestamp: ***** Invalid (ABA1F2CF)
- CheckSum: 0005A30C
- ImageSize: 00052000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83ef0000 fffff800`83f17000 Ndu (deferred)
- Image path: \SystemRoot\system32\drivers\Ndu.sys
- Image name: Ndu.sys
- Timestamp: ***** Invalid (ABC6C894)
- CheckSum: 000213E1
- ImageSize: 00027000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83f20000 fffff800`83fb4000 srv (deferred)
- Image path: \SystemRoot\System32\DRIVERS\srv.sys
- Image name: srv.sys
- Timestamp: Mon Mar 31 20:28:23 1997 (33408EE7)
- CheckSum: 0006E57C
- ImageSize: 00094000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`83fc0000 fffff800`84061000 Vid (deferred)
- Image path: \SystemRoot\System32\drivers\Vid.sys
- Image name: Vid.sys
- Timestamp: ***** Invalid (D8B48452)
- CheckSum: 000AB1EA
- ImageSize: 000A1000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`84070000 fffff800`84091000 winhvr (deferred)
- Image path: \SystemRoot\System32\drivers\winhvr.sys
- Image name: winhvr.sys
- Timestamp: ***** Invalid (C1F13DBD)
- CheckSum: 0001EA8A
- ImageSize: 00021000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`840a0000 fffff800`840b5000 klpnpflt (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klpnpflt.sys
- Image name: klpnpflt.sys
- Timestamp: Mon Jan 25 08:51:08 2021 (600EF6FC)
- CheckSum: 0002062B
- ImageSize: 00015000
- File version: 30.587.0.170
- Product version: 30.587.0.170
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klpnpflt
- ProductVersion: 30.587.0.170-e30f0c58d6
- FileVersion: 30.587.0.170
- FileDescription: Generic PnP filter [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`840c0000 fffff800`840d7000 klfltdev (deferred)
- Image path: \SystemRoot\system32\DRIVERS\klfltdev.sys
- Image name: klfltdev.sys
- Timestamp: Mon Jan 25 08:51:08 2021 (600EF6FC)
- CheckSum: 00021681
- ImageSize: 00017000
- File version: 30.587.0.170
- Product version: 30.587.0.170
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: AO Kaspersky Lab
- ProductName: Coretech Delivery
- InternalName: klfltdev
- ProductVersion: 30.587.0.170-e30f0c58d6
- FileVersion: 30.587.0.170
- FileDescription: PnP Device Filter [fre_win7_x64]
- LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved.
- LegalTrademarks: Registered trademarks and service marks are the property of their respective owners
- fffff800`840e0000 fffff800`8415b000 rdbss (deferred)
- Image path: \SystemRoot\system32\DRIVERS\rdbss.sys
- Image name: rdbss.sys
- Timestamp: Sat Jul 10 02:51:55 2010 (4C3850CB)
- CheckSum: 0007E4B9
- ImageSize: 0007B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`84160000 fffff800`841f4000 csc (deferred)
- Image path: \SystemRoot\system32\drivers\csc.sys
- Image name: csc.sys
- Timestamp: Thu Sep 22 14:17:30 1994 (2E82027A)
- CheckSum: 00091932
- ImageSize: 00094000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85400000 fffff800`85444000 ucx01000 (deferred)
- Image path: \SystemRoot\system32\drivers\ucx01000.sys
- Image name: ucx01000.sys
- Timestamp: Wed Mar 07 16:31:05 1979 (11447CC9)
- CheckSum: 0004DFDA
- ImageSize: 00044000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85450000 fffff800`85484000 TeeDriverW8x64 (deferred)
- Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys
- Image name: TeeDriverW8x64.sys
- Timestamp: Sun Nov 19 03:39:59 2017 (5A116D8F)
- CheckSum: 0003F054
- ImageSize: 00034000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85490000 fffff800`85526000 e1d68x64 (deferred)
- Image path: \SystemRoot\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_26255692c8b1c6b6\e1d68x64.sys
- Image name: e1d68x64.sys
- Timestamp: Tue Sep 29 07:11:02 2020 (5F734E86)
- CheckSum: 00099A08
- ImageSize: 00096000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85530000 fffff800`8554a000 usbehci (deferred)
- Image path: \SystemRoot\System32\drivers\usbehci.sys
- Image name: usbehci.sys
- Timestamp: Mon Jan 08 08:10:05 1979 (10F7905D)
- CheckSum: 000239DC
- ImageSize: 0001A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85550000 fffff800`855c9000 USBPORT (deferred)
- Image path: \SystemRoot\System32\drivers\USBPORT.SYS
- Image name: USBPORT.SYS
- Timestamp: Sat Nov 03 06:27:44 2029 (708EDB60)
- CheckSum: 0007822B
- ImageSize: 00079000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`855d0000 fffff800`855f1000 i8042prt (deferred)
- Image path: \SystemRoot\System32\drivers\i8042prt.sys
- Image name: i8042prt.sys
- Timestamp: Wed Apr 03 23:16:01 2013 (515D28B1)
- CheckSum: 00022B0C
- ImageSize: 00021000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85600000 fffff800`8561c000 serial (deferred)
- Image path: \SystemRoot\System32\drivers\serial.sys
- Image name: serial.sys
- Timestamp: Wed Apr 19 02:23:01 2017 (58F73A85)
- CheckSum: 0001B585
- ImageSize: 0001C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85620000 fffff800`8562f000 serenum (deferred)
- Image path: \SystemRoot\System32\drivers\serenum.sys
- Image name: serenum.sys
- Timestamp: ***** Invalid (A5178D42)
- CheckSum: 00009616
- ImageSize: 0000F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85630000 fffff800`8563c000 wmiacpi (deferred)
- Image path: \SystemRoot\System32\drivers\wmiacpi.sys
- Image name: wmiacpi.sys
- Timestamp: Wed Aug 19 05:20:44 2009 (4A8BFC2C)
- CheckSum: 0000CC2F
- ImageSize: 0000C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85640000 fffff800`85680000 intelppm (deferred)
- Image path: \SystemRoot\System32\drivers\intelppm.sys
- Image name: intelppm.sys
- Timestamp: Tue Jun 14 02:18:00 2016 (575FD9D8)
- CheckSum: 00047AB7
- ImageSize: 00040000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85690000 fffff800`856a0000 XtuAcpiDriver (deferred)
- Image path: \SystemRoot\System32\drivers\XtuAcpiDriver.sys
- Image name: XtuAcpiDriver.sys
- Timestamp: Thu Mar 05 16:20:30 2020 (5E61974E)
- CheckSum: 0001DB9D
- ImageSize: 00010000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`856b0000 fffff800`856bd000 NdisVirtualBus (deferred)
- Image path: \SystemRoot\System32\drivers\NdisVirtualBus.sys
- Image name: NdisVirtualBus.sys
- Timestamp: ***** Invalid (A7AE93D1)
- CheckSum: 00014F1D
- ImageSize: 0000D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`856c0000 fffff800`856cc000 swenum (deferred)
- Image path: \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys
- Image name: swenum.sys
- Timestamp: ***** Invalid (E117266B)
- CheckSum: 000082C9
- ImageSize: 0000C000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`856d0000 fffff800`856de000 rdpbus (deferred)
- Image path: \SystemRoot\System32\drivers\rdpbus.sys
- Image name: rdpbus.sys
- Timestamp: ***** Invalid (84DFD52A)
- CheckSum: 000106CE
- ImageSize: 0000E000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`856e0000 fffff800`85765000 usbhub (deferred)
- Image path: \SystemRoot\System32\drivers\usbhub.sys
- Image name: usbhub.sys
- Timestamp: Mon Apr 24 01:59:16 2017 (58FDCC74)
- CheckSum: 00084516
- ImageSize: 00085000
- File version: 10.0.19041.1
- Product version: 10.0.19041.1
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: usbhub.sys
- OriginalFilename: usbhub.sys
- ProductVersion: 10.0.19041.1
- FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
- FileDescription: Default Hub Driver for USB
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`85770000 fffff800`8577e000 USBD (deferred)
- Image path: \SystemRoot\System32\drivers\USBD.SYS
- Image name: USBD.SYS
- Timestamp: Wed Feb 02 14:47:35 2033 (76AC3507)
- CheckSum: 0000FFB7
- ImageSize: 0000E000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85780000 fffff800`857b8000 nvhda64v (deferred)
- Image path: \SystemRoot\system32\drivers\nvhda64v.sys
- Image name: nvhda64v.sys
- Timestamp: Tue Jun 09 10:01:25 2020 (5EDFCE75)
- CheckSum: 0003B8F0
- ImageSize: 00038000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`857c0000 fffff800`857cf000 ksthunk (deferred)
- Image path: \SystemRoot\system32\drivers\ksthunk.sys
- Image name: ksthunk.sys
- Timestamp: Thu Apr 25 06:23:02 1991 (2816E646)
- CheckSum: 00007961
- ImageSize: 0000F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`857d0000 fffff800`85873000 UsbHub3 (deferred)
- Image path: \SystemRoot\System32\drivers\UsbHub3.sys
- Image name: UsbHub3.sys
- Timestamp: ***** Invalid (FDA30E83)
- CheckSum: 000AC346
- ImageSize: 000A3000
- File version: 10.0.19041.264
- Product version: 10.0.19041.264
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: usbhub3.sys
- OriginalFilename: usbhub3.sys
- ProductVersion: 10.0.19041.264
- FileVersion: 10.0.19041.264 (WinBuild.160101.0800)
- FileDescription: USB3 HUB Driver
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`85880000 fffff800`85e5e000 RTKVHD64 (deferred)
- Image path: \SystemRoot\system32\drivers\RTKVHD64.sys
- Image name: RTKVHD64.sys
- Timestamp: Thu Sep 24 02:20:38 2020 (5F6C72F6)
- CheckSum: 005EDBA6
- ImageSize: 005DE000
- File version: 6.0.9035.1
- Product version: 6.0.9035.1
- File flags: 8 (Mask 3F) Private
- File OS: 40004 NT Win32
- File type: 3.9 Driver
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Realtek Semiconductor Corp.
- ProductName: Realtek(r) High Definition Audio Function Driver
- InternalName: RTKVHD64.sys 9035
- OriginalFilename: RTKVHD64.sys
- ProductVersion: 6.0.9035.1
- FileVersion: 6.0.9035.1 built by: WinDDK
- FileDescription: Realtek(r) High Definition Audio Function Driver
- LegalCopyright: Copyright (c) Realtek Semiconductor Corp.1998-2013
- fffff800`85e60000 fffff800`85e78000 mslldp (deferred)
- Image path: \SystemRoot\system32\drivers\mslldp.sys
- Image name: mslldp.sys
- Timestamp: Wed Aug 07 19:50:12 2030 (71FCC6F4)
- CheckSum: 00016923
- ImageSize: 00018000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85e80000 fffff800`85e92000 hidusb (deferred)
- Image path: \SystemRoot\System32\drivers\hidusb.sys
- Image name: hidusb.sys
- Timestamp: ***** Invalid (A66785A7)
- CheckSum: 000170ED
- ImageSize: 00012000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85ea0000 fffff800`85edf000 HIDCLASS (deferred)
- Image path: \SystemRoot\System32\drivers\HIDCLASS.SYS
- Image name: HIDCLASS.SYS
- Timestamp: ***** Invalid (A07210A7)
- CheckSum: 0003DA22
- ImageSize: 0003F000
- File version: 10.0.19041.1
- Product version: 10.0.19041.1
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 2.0 Dll
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: hidclass.sys
- OriginalFilename: hidclass.sys
- ProductVersion: 10.0.19041.1
- FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
- FileDescription: Hid Class Library
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`85ee0000 fffff800`85ef3000 HIDPARSE (deferred)
- Image path: \SystemRoot\System32\drivers\HIDPARSE.SYS
- Image name: HIDPARSE.SYS
- Timestamp: Wed Aug 27 17:20:06 1997 (3404D246)
- CheckSum: 00016359
- ImageSize: 00013000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85f00000 fffff800`85f10000 mouhid (deferred)
- Image path: \SystemRoot\System32\drivers\mouhid.sys
- Image name: mouhid.sys
- Timestamp: ***** Invalid (E502FBD9)
- CheckSum: 000173E5
- ImageSize: 00010000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85f20000 fffff800`85f33000 mouclass (deferred)
- Image path: \SystemRoot\System32\drivers\mouclass.sys
- Image name: mouclass.sys
- Timestamp: Tue Jan 07 02:19:56 2003 (3E1AA9CC)
- CheckSum: 00019679
- ImageSize: 00013000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`85f50000 fffff800`85f5e000 dump_diskdump (deferred)
- Image path: \SystemRoot\System32\Drivers\dump_diskdump.sys
- Image name: dump_diskdump.sys
- Timestamp: ***** Invalid (95F39C8A)
- CheckSum: 0000B16B
- ImageSize: 0000E000
- File version: 10.0.19041.1
- Product version: 10.0.19041.1
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: diskdump.sys
- OriginalFilename: diskdump.sys
- ProductVersion: 10.0.19041.1
- FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
- FileDescription: Crash Dump Disk Driver
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`860b0000 fffff800`860cd000 dump_dumpfve (deferred)
- Image path: \SystemRoot\System32\Drivers\dump_dumpfve.sys
- Image name: dump_dumpfve.sys
- Timestamp: Thu Oct 05 10:32:17 2023 (651F0131)
- CheckSum: 00022E48
- ImageSize: 0001D000
- File version: 10.0.19041.1
- Product version: 10.0.19041.1
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- Translations: 0000.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: dumpfve.sys
- OriginalFilename: dumpfve.sys
- ProductVersion: 10.0.19041.1
- FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
- FileDescription: Bitlocker Drive Encryption Crashdump Filter
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`860d0000 fffff800`860eb000 monitor (deferred)
- Image path: \SystemRoot\System32\drivers\monitor.sys
- Image name: monitor.sys
- Timestamp: Wed May 01 10:30:47 1985 (1CD682D7)
- CheckSum: 0001751B
- ImageSize: 0001B000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`860f0000 fffff800`860fd000 rdpvideominiport (deferred)
- Image path: \SystemRoot\System32\drivers\rdpvideominiport.sys
- Image name: rdpvideominiport.sys
- Timestamp: Sun Jul 12 11:13:17 1981 (15AF594D)
- CheckSum: 00015381
- ImageSize: 0000D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`86100000 fffff800`8612f000 rdpdr (deferred)
- Image path: \SystemRoot\System32\drivers\rdpdr.sys
- Image name: rdpdr.sys
- Timestamp: ***** Invalid (9EEF34DA)
- CheckSum: 0002BAD1
- ImageSize: 0002F000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`86130000 fffff800`86159000 luafv (deferred)
- Image path: \SystemRoot\system32\drivers\luafv.sys
- Image name: luafv.sys
- Timestamp: Sat Jan 23 18:15:51 2016 (56A433D7)
- CheckSum: 00030A3A
- ImageSize: 00029000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`86160000 fffff800`8726d000 nvlddmkm (deferred)
- Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys
- Image name: nvlddmkm.sys
- Timestamp: Fri Mar 23 15:02:22 2018 (5AB5877E)
- CheckSum: 010C6B80
- ImageSize: 0110D000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`87270000 fffff800`87295000 HDAudBus (deferred)
- Image path: \SystemRoot\System32\drivers\HDAudBus.sys
- Image name: HDAudBus.sys
- Timestamp: Wed Nov 17 21:08:44 2021 (6195DFDC)
- CheckSum: 000268EC
- ImageSize: 00025000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`872a0000 fffff800`87306000 portcls (deferred)
- Image path: \SystemRoot\System32\drivers\portcls.sys
- Image name: portcls.sys
- Timestamp: Mon Dec 23 15:28:58 2002 (3E079C3A)
- CheckSum: 0006B23D
- ImageSize: 00066000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`87310000 fffff800`87331000 drmk (deferred)
- Image path: \SystemRoot\System32\drivers\drmk.sys
- Image name: drmk.sys
- Timestamp: ***** Invalid (92B1AC47)
- CheckSum: 0001A51A
- ImageSize: 00021000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- fffff800`87340000 fffff800`873d8000 USBXHCI (deferred)
- Image path: \SystemRoot\System32\drivers\USBXHCI.SYS
- Image name: USBXHCI.SYS
- Timestamp: Sun Aug 07 06:37:42 1994 (2E44F1B6)
- CheckSum: 0009CD76
- ImageSize: 00098000
- File version: 10.0.19041.488
- Product version: 10.0.19041.488
- File flags: 0 (Mask 3F)
- File OS: 40004 NT Win32
- File type: 3.7 Driver
- File date: 00000000.00000000
- Translations: 0409.04b0
- CompanyName: Microsoft Corporation
- ProductName: Microsoft® Windows® Operating System
- InternalName: usbxhci.sys
- OriginalFilename: usbxhci.sys
- ProductVersion: 10.0.19041.488
- FileVersion: 10.0.19041.488 (WinBuild.160101.0800)
- FileDescription: USB XHCI Driver
- LegalCopyright: © Microsoft Corporation. All rights reserved.
- fffff800`873e0000 fffff800`873fa000 storqosflt (deferred)
- Image path: \SystemRoot\system32\drivers\storqosflt.sys
- Image name: storqosflt.sys
- Timestamp: Mon Apr 09 10:08:30 2007 (461A811E)
- CheckSum: 00025AFB
- ImageSize: 0001A000
- Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
- Unloaded modules:
- fffff800`834a0000 fffff800`834e2000 klids.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00042000
- fffff800`82ac0000 fffff800`82add000 raspppoe.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0001D000
- fffff800`82a90000 fffff800`82ab2000 raspptp.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00022000
- fffff800`82a60000 fffff800`82a82000 rasl2tp.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00022000
- fffff800`83160000 fffff800`8316e000 WSDPrint.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0000E000
- fffff800`7eb70000 fffff800`7eb7f000 WpdUpFltr.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0000F000
- fffff800`7eb10000 fffff800`7eb65000 WUDFRd.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00055000
- fffff800`7eb80000 fffff800`7eb9d000 EhStorClass.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0001D000
- fffff800`7f280000 fffff800`7f29d000 EhStorClass.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0001D000
- fffff800`82550000 fffff800`82569000 uaspstor.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00019000
- fffff800`7ed60000 fffff800`7ed7d000 EhStorClass.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0001D000
- fffff800`834a0000 fffff800`834e2000 klids.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00042000
- fffff800`83e60000 fffff800`83e6d000 csvol.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0000D000
- fffff800`82a70000 fffff800`82a7f000 dump_storport.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0000F000
- fffff800`82400000 fffff800`82530000 dump_iaStorE.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00130000
- fffff800`82550000 fffff800`8256e000 dump_dumpfve.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0001E000
- fffff800`85e60000 fffff800`85e79000 uaspstor.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00019000
- fffff800`812c0000 fffff800`812dd000 EhStorClass.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0001D000
- fffff800`83530000 fffff800`8354c000 dam.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0001C000
- fffff800`80c50000 fffff800`80c5f000 klelam.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 0000F000
- fffff800`81eb0000 fffff800`81ec1000 hwpolicy.sys
- Timestamp: unavailable (00000000)
- Checksum: 00000000
- ImageSize: 00011000
- 6: kd> q
- quit: