Opened log file 'E:\Windows\msdart_crashanalyzer_kd_ansi.log' Microsoft (R) Windows Debugger Version 10.0.10240.9 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [E:\Windows\MEMORY.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. ************* Symbol Path validation summary ************** Response Time (ms) Location Deferred srv*c:\symbols*http://msdl.microsoft.com/download/symbols Symbol search path is: srv*c:\symbols*http://msdl.microsoft.com/download/symbols Executable search path is: *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe - Windows 10 Kernel Version 19041 MP (8 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 19041.1.amd64fre.vb_release.191206-1406 Machine Name: Kernel base = 0xfffff800`7be00000 PsLoadedModuleList = 0xfffff800`7ca2a310 Debug session time: Mon Sep 20 03:12:30.931 2021 (UTC - 8:00) System Uptime: 0 days 6:10:01.548 *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntkrnlmp.exe - Loading Kernel Symbols ............................................................... .................Page 20001f64b too large to be in the dump file. ............................................... ................................................................ ...... Loading User Symbols Loading unloaded module list ..................... ************* Symbol Loading Error Summary ************** Module name Error ntkrnlmp The system cannot find the file specified You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded. You should also verify that your symbol search path (.sympath) is correct. No .natvis files found at X:\windows\system32\DebugTools\Visualizers. ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck BE, {ffff900035b3a334, 8a00000005300021, ffffdc82017c6550, a} ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPCR *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KTHREAD *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* Probably caused by : ntoskrnl.wrong.symbols.exe ( nt_wrong_symbols!A371A2E91046000 ) Followup: MachineOwner --------- 6: kd> .logclose Closing open log file E:\Windows\msdart_crashanalyzer_kd_ansi.log Opened log file 'E:\Windows\msdart_crashanalyzer_kd_unicode.log' 6: kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* ATTEMPTED_WRITE_TO_READONLY_MEMORY (be) An attempt was made to write to readonly memory. The guilty driver is on the stack trace (and is typically the current instruction pointer). When possible, the guilty driver's name (Unicode string) is printed on the bugcheck screen and saved in KiBugCheckDriver. Arguments: Arg1: ffff900035b3a334, Virtual address for the attempted write. Arg2: 8a00000005300021, PTE contents. Arg3: ffffdc82017c6550, (reserved) Arg4: 000000000000000a, (reserved) Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPCR *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KTHREAD *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_KPRCB *** *** *** ************************************************************************* SYSTEM_SKU: To be filled by O.E.M. SYSTEM_VERSION: To be filled by O.E.M. BIOS_DATE: 03/18/2014 BASEBOARD_PRODUCT: Z87X-UD3H-CF BASEBOARD_VERSION: x.x ADDITIONAL_DEBUG_TEXT: You can run '.symfix; .reload' to try to fix the symbol path and load symbols. WRONG_SYMBOLS_TIMESTAMP: a371a2e9 WRONG_SYMBOLS_SIZE: 1046000 FAULTING_MODULE: fffff8007be00000 nt DEBUG_FLR_IMAGE_TIMESTAMP: a371a2e9 BUGCHECK_P1: ffff900035b3a334 BUGCHECK_P2: 8a00000005300021 BUGCHECK_P3: ffffdc82017c6550 BUGCHECK_P4: a CPU_COUNT: 8 CPU_MHZ: d48 CPU_VENDOR: GenuineIntel CPU_FAMILY: 6 CPU_MODEL: 3c CPU_STEPPING: 3 CURRENT_IRQL: 0 ANALYSIS_VERSION: 10.0.10240.9 amd64fre LAST_CONTROL_TRANSFER: from fffff8007c22f11a to fffff8007c1f3ea0 STACK_TEXT: ffffdc82`017c6358 fffff800`7c22f11a : 00000000`000000be ffff9000`35b3a334 8a000000`05300021 ffffdc82`017c6550 : nt!KeBugCheckEx ffffdc82`017c6360 fffff800`7c0eec6f : 8a000000`05300021 00000000`00000003 ffffdc82`017c65d0 00000000`00000000 : nt!memset+0x2809a ffffdc82`017c63b0 fffff800`7c20205e : ffff9000`018cda70 fffff800`7c125b72 ffff9000`018cda70 00000000`00000000 : nt!SeAccessCheckWithHint+0x37ff ffffdc82`017c6550 fffff800`7c0f9d81 : 000000fa`00000040 ffffa307`e840ed00 ffffa307`efb15740 fffff800`7ca51bf0 : nt!setjmpex+0x446e ffffdc82`017c66e0 fffff800`7c1285ba : 00000000`00067b60 00000000`00000000 00000000`001fd9ba ffff9000`05f8d2e0 : nt!SeAccessCheckWithHint+0xe911 ffffdc82`017c6770 fffff800`7c111095 : 00000000`00000000 00000000`00000000 00000000`00000011 80000001`00000001 : nt!RtlAvlRemoveNode+0x3e3a ffffdc82`017c67f0 fffff800`7c151f8e : ffffa307`f2a8e850 ffffdc82`017c6918 00000000`00000000 00000000`00000000 : nt!IoGetBaseFileSystemDeviceObject+0x1345 ffffdc82`017c68b0 fffff800`7c4e793e : 00000000`00088089 00000000`00000000 fffff800`7ca50b80 00000000`00088089 : nt!IoApplyPriorityInfoThread+0x42e ffffdc82`017c6910 fffff800`7c17ad04 : ffffa307`00000001 ffffa307`efb15740 00000000`00000000 00000000`00000000 : nt!CcUnpinData+0x92e ffffdc82`017c6960 fffff800`7c322f8d : 00000000`00000001 00000000`00000000 ffffdc82`017c69e0 ffffdc82`017c69e8 : nt!ExRegisterCallback+0x1e4 ffffdc82`017c6990 fffff800`7c2a793b : 00000000`00000000 ffffa307`efb15740 fffff800`7ca51228 fffff800`7ca51290 : nt!KeStallWhileFrozen+0xb29d ffffdc82`017c69e0 fffff800`7c066dd5 : ffffa307`dafa1040 ffffa307`dafa1040 00000000`00000080 fffff800`7c1b8670 : nt!memset+0xa08bb ffffdc82`017c6c10 fffff800`7c1fb4f8 : ffffca80`8f1d2180 ffffa307`dafa1040 fffff800`7c066d80 00000000`00000000 : nt!RtlEndEnumerationHashTable+0x905 ffffdc82`017c6c60 00000000`00000000 : ffffdc82`017c7000 ffffdc82`017c1000 00000000`00000000 00000000`00000000 : nt!KeSynchronizeExecution+0x6438 STACK_COMMAND: kb FOLLOWUP_IP: nt!SeAccessCheckWithHint+37ff fffff800`7c0eec6f e90ffeffff jmp nt!SeAccessCheckWithHint+0x3613 (fffff800`7c0eea83) SYMBOL_STACK_INDEX: 2 FOLLOWUP_NAME: MachineOwner BUGCHECK_STR: A371A2E9 EXCEPTION_CODE: (HRESULT) 0xa371a2e9 (2742133481) - FAILURE_EXCEPTION_CODE: A371A2E9 EXCEPTION_STR: WRONG_SYMBOLS IMAGE_NAME: ntoskrnl.wrong.symbols.exe MODULE_NAME: nt_wrong_symbols SYMBOL_NAME: nt_wrong_symbols!A371A2E91046000 BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441 DEFAULT_BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441 PRIMARY_PROBLEM_CLASS: WRONG_SYMBOLS FAILURE_BUCKET_ID: WRONG_SYMBOLS_X64_19041.1.amd64fre.vb_release.191206-1406_TIMESTAMP_561122-154441_A371A2E9_nt_wrong_symbols!A371A2E91046000 ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:wrong_symbols_x64_19041.1.amd64fre.vb_release.191206-1406_timestamp_561122-154441_a371a2e9_nt_wrong_symbols!a371a2e91046000 FAILURE_ID_HASH: {e49aa84d-2ad1-9204-635d-8eb9b164a458} Followup: MachineOwner --------- 6: kd> !thread ************************************************************************* *** *** *** *** *** Either you specified an unqualified symbol, or your debugger *** *** doesn't have full symbol information. Unqualified symbol *** *** resolution is turned off by default. Please either specify a *** *** fully qualified symbol module!symbolname, or enable resolution *** *** of unqualified symbols by typing ".symopt- 100". Note that *** *** enabling unqualified symbol resolution with network symbol *** *** server shares in the symbol path may cause the debugger to *** *** appear to hang for long periods of time when an incorrect *** *** symbol name is typed or the network symbol server is down. *** *** *** *** For some commands to work properly, your symbol path *** *** must point to .pdb files that have full type information. *** *** *** *** Certain .pdb files (such as the public OS symbols) do not *** *** contain the required information. Contact the group that *** *** provided you with these symbols if you need this command to *** *** work. *** *** *** *** Type referenced: nt!_ETHREAD *** *** *** ************************************************************************* ffffa307dafa1040: Unable to get thread contents 6: kd> lm kv start end module name ffff944c`38a60000 ffff944c`38afa000 win32k (deferred) Image path: \SystemRoot\System32\win32k.sys Image name: win32k.sys Timestamp: ***** Invalid (E87370BB) CheckSum: 0009C34C ImageSize: 0009A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 ffff944c`38cc0000 ffff944c`38fa2000 win32kbase (deferred) Image path: \SystemRoot\System32\win32kbase.sys Image name: win32kbase.sys Timestamp: ***** Invalid (883B3E7C) CheckSum: 002DB69F ImageSize: 002E2000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 ffff944c`39000000 ffff944c`39048000 cdd (deferred) Image path: \SystemRoot\System32\cdd.dll Image name: cdd.dll Timestamp: Mon Jan 22 05:06:28 1996 (31038BD4) CheckSum: 0004D704 ImageSize: 00048000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 ffff944c`39c10000 ffff944c`39fc6000 win32kfull (deferred) Image path: \SystemRoot\System32\win32kfull.sys Image name: win32kfull.sys Timestamp: ***** Invalid (EBAA7588) CheckSum: 003A7C43 ImageSize: 003B6000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7ac10000 fffff800`7ae9f000 mcupdate_GenuineIntel (deferred) Image path: \SystemRoot\system32\mcupdate_GenuineIntel.dll Image name: mcupdate_GenuineIntel.dll Timestamp: ***** Invalid (9FB1DE46) CheckSum: 0028C60B ImageSize: 0028F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7aea0000 fffff800`7aea6000 hal (deferred) Image path: hal.dll Image name: hal.dll Timestamp: Mon Jan 30 08:29:29 1984 (1A7BE8E9) CheckSum: 0000CE9F ImageSize: 00006000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7aeb0000 fffff800`7aebb000 kd (deferred) Image path: \SystemRoot\system32\kd.dll Image name: kd.dll Timestamp: ***** Invalid (FE185FA8) CheckSum: 00004EF6 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7aec0000 fffff800`7aee7000 tm (deferred) Image path: \SystemRoot\System32\drivers\tm.sys Image name: tm.sys Timestamp: Thu Nov 24 15:38:59 2011 (4ECED593) CheckSum: 00029C42 ImageSize: 00027000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7aef0000 fffff800`7af59000 CLFS (deferred) Image path: \SystemRoot\System32\drivers\CLFS.SYS Image name: CLFS.SYS Timestamp: Fri Dec 30 13:11:01 2005 (43B5A265) CheckSum: 0006BD72 ImageSize: 00069000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7af60000 fffff800`7af7a000 PSHED (deferred) Image path: \SystemRoot\system32\PSHED.dll Image name: PSHED.dll Timestamp: Sun Aug 01 12:44:09 2010 (4C55DC99) CheckSum: 000201A9 ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7af80000 fffff800`7af8b000 BOOTVID (deferred) Image path: \SystemRoot\system32\BOOTVID.dll Image name: BOOTVID.dll Timestamp: ***** Invalid (D13EE5B6) CheckSum: 00013A3C ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7af90000 fffff800`7afff000 FLTMGR (deferred) Image path: \SystemRoot\System32\drivers\FLTMGR.SYS Image name: FLTMGR.SYS Timestamp: Mon May 03 20:30:30 1971 (02839B66) CheckSum: 00072E12 ImageSize: 0006F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7b000000 fffff800`7b00e000 cmimcext (deferred) Image path: \SystemRoot\System32\drivers\cmimcext.sys Image name: cmimcext.sys Timestamp: ***** Invalid (94809681) CheckSum: 00010F8E ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7be00000 fffff800`7ce46000 nt (export symbols) ntkrnlmp.exe Loaded symbol image file: ntkrnlmp.exe Image path: ntkrnlmp.exe Image name: ntkrnlmp.exe Timestamp: ***** Invalid (A371A2E9) CheckSum: 00A611D3 ImageSize: 01046000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`7eba0000 fffff800`7ebeb000 klupd_KLIF_klark (deferred) Image path: \SystemRoot\System32\Drivers\klupd_KLIF_klark.sys Image name: klupd_KLIF_klark.sys Timestamp: Wed Mar 24 02:58:59 2021 (605B1B73) CheckSum: 00054599 ImageSize: 0004B000 File version: 4.7.3.0 Product version: 4.7.3.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Kaspersky Bases InternalName: klark OriginalFilename: klark.sys ProductVersion: 4.7.3.0 FileVersion: 4.7.3.0 FileDescription: Kaspersky Lab Anti-Rootkit LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`80600000 fffff800`80713000 clipsp (deferred) Image path: \SystemRoot\System32\drivers\clipsp.sys Image name: clipsp.sys Timestamp: Tue Sep 01 15:19:42 2020 (5F4ED70E) CheckSum: 0011953D ImageSize: 00113000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80720000 fffff800`80749000 ksecdd (deferred) Image path: \SystemRoot\System32\drivers\ksecdd.sys Image name: ksecdd.sys Timestamp: Fri Sep 25 14:37:08 2020 (5F6E7114) CheckSum: 0002AB02 ImageSize: 00029000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80750000 fffff800`807b2000 msrpc (deferred) Image path: \SystemRoot\System32\drivers\msrpc.sys Image name: msrpc.sys Timestamp: ***** Invalid (BD46698A) CheckSum: 00062C96 ImageSize: 00062000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`807c0000 fffff800`807d1000 werkernel (deferred) Image path: \SystemRoot\System32\drivers\werkernel.sys Image name: werkernel.sys Timestamp: Wed Oct 17 15:21:51 1984 (1BD4610F) CheckSum: 0000F1D5 ImageSize: 00011000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`807e0000 fffff800`807ec000 ntosext (deferred) Image path: \SystemRoot\System32\drivers\ntosext.sys Image name: ntosext.sys Timestamp: Sun Jul 14 21:39:43 2030 (71DD3C9F) CheckSum: 00009677 ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`807f0000 fffff800`808d3000 CI (deferred) Image path: \SystemRoot\system32\CI.dll Image name: CI.dll Timestamp: ***** Invalid (8BECF5E0) CheckSum: 000E72BB ImageSize: 000E3000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`808e0000 fffff800`80997000 cng (deferred) Image path: \SystemRoot\System32\drivers\cng.sys Image name: cng.sys Timestamp: Tue May 30 08:27:56 1989 (2482C10C) CheckSum: 000B7883 ImageSize: 000B7000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`809a0000 fffff800`80a71000 Wdf01000 (deferred) Image path: \SystemRoot\system32\drivers\Wdf01000.sys Image name: Wdf01000.sys Timestamp: ***** Invalid (A9A9D36E) CheckSum: 000D3980 ImageSize: 000D1000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80a80000 fffff800`80a93000 WDFLDR (deferred) Image path: \SystemRoot\system32\drivers\WDFLDR.SYS Image name: WDFLDR.SYS Timestamp: ***** Invalid (977C0BBB) CheckSum: 00013DC3 ImageSize: 00013000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80aa0000 fffff800`80aaf000 SleepStudyHelper (deferred) Image path: \SystemRoot\system32\drivers\SleepStudyHelper.sys Image name: SleepStudyHelper.sys Timestamp: Thu May 23 08:28:59 2024 (664F6ECB) CheckSum: 0000FC58 ImageSize: 0000F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80ab0000 fffff800`80ac1000 WppRecorder (deferred) Image path: \SystemRoot\system32\drivers\WppRecorder.sys Image name: WppRecorder.sys Timestamp: Fri Mar 06 01:14:40 1981 (15060D00) CheckSum: 0001415E ImageSize: 00011000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80ad0000 fffff800`80af6000 acpiex (deferred) Image path: \SystemRoot\System32\Drivers\acpiex.sys Image name: acpiex.sys Timestamp: ***** Invalid (C8D60B44) CheckSum: 000302D2 ImageSize: 00026000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80b00000 fffff800`80b4b000 mssecflt (deferred) Image path: \SystemRoot\system32\drivers\mssecflt.sys Image name: mssecflt.sys Timestamp: ***** Invalid (A0E0786E) CheckSum: 0004FC86 ImageSize: 0004B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80b50000 fffff800`80b6a000 SgrmAgent (deferred) Image path: \SystemRoot\system32\drivers\SgrmAgent.sys Image name: SgrmAgent.sys Timestamp: ***** Invalid (A6474774) CheckSum: 0001E4FC ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80b70000 fffff800`80c3c000 ACPI (deferred) Image path: \SystemRoot\System32\drivers\ACPI.sys Image name: ACPI.sys Timestamp: Thu Feb 10 11:30:37 1994 (2D5A8B5D) CheckSum: 000D341C ImageSize: 000CC000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80c40000 fffff800`80c4c000 WMILIB (deferred) Image path: \SystemRoot\System32\drivers\WMILIB.SYS Image name: WMILIB.SYS Timestamp: ***** Invalid (CD518505) CheckSum: 00009CB9 ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80c60000 fffff800`80ccb000 intelpep (deferred) Image path: \SystemRoot\System32\drivers\intelpep.sys Image name: intelpep.sys Timestamp: ***** Invalid (81D95014) CheckSum: 0007468F ImageSize: 0006B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80cd0000 fffff800`80ce7000 WindowsTrustedRT (deferred) Image path: \SystemRoot\system32\drivers\WindowsTrustedRT.sys Image name: WindowsTrustedRT.sys Timestamp: Sat May 19 00:53:30 2035 (7AF9978A) CheckSum: 0001BFFA ImageSize: 00017000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80cf0000 fffff800`80cfb000 IntelTA (deferred) Image path: \SystemRoot\System32\drivers\IntelTA.sys Image name: IntelTA.sys Timestamp: ***** Invalid (AFECFEC8) CheckSum: 00008349 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80d00000 fffff800`80d0b000 WindowsTrustedRTProxy (deferred) Image path: \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys Image name: WindowsTrustedRTProxy.sys Timestamp: ***** Invalid (AA5F5790) CheckSum: 00007869 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80d10000 fffff800`80d24000 pcw (deferred) Image path: \SystemRoot\System32\drivers\pcw.sys Image name: pcw.sys Timestamp: ***** Invalid (D212A83E) CheckSum: 000163F7 ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80d30000 fffff800`80d70000 klupd_klif_arkmon (deferred) Image path: \SystemRoot\system32\DRIVERS\klupd_klif_arkmon.sys Image name: klupd_klif_arkmon.sys Timestamp: Wed Mar 24 02:36:11 2021 (605B161B) CheckSum: 00043547 ImageSize: 00040000 File version: 2.7.4.0 Product version: 2.7.4.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Kaspersky Bases InternalName: arkmon OriginalFilename: arkmon.sys ProductVersion: 2.7.4.0 FileVersion: 2.7.4.0 FileDescription: Kaspersky Lab Anti-Rootkit Monitor Driver LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`80d80000 fffff800`80d8b000 msisadrv (deferred) Image path: \SystemRoot\System32\drivers\msisadrv.sys Image name: msisadrv.sys Timestamp: ***** Invalid (D84D625E) CheckSum: 0000B688 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80d90000 fffff800`80da5000 vdrvroot (deferred) Image path: \SystemRoot\System32\drivers\vdrvroot.sys Image name: vdrvroot.sys Timestamp: ***** Invalid (E613EBA7) CheckSum: 000184EC ImageSize: 00015000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80db0000 fffff800`80ddf000 pdc (deferred) Image path: \SystemRoot\system32\drivers\pdc.sys Image name: pdc.sys Timestamp: Sat May 26 23:23:12 1984 (1B16F9E0) CheckSum: 000324F1 ImageSize: 0002F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80de0000 fffff800`80df9000 CEA (deferred) Image path: \SystemRoot\system32\drivers\CEA.sys Image name: CEA.sys Timestamp: Thu Jun 10 08:40:49 2032 (75736B91) CheckSum: 00022BC5 ImageSize: 00019000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80e00000 fffff800`80e78000 pci (deferred) Image path: \SystemRoot\System32\drivers\pci.sys Image name: pci.sys Timestamp: Wed Jul 29 03:09:24 2037 (7F1B0A64) CheckSum: 0007F6EF ImageSize: 00078000 File version: 10.0.19041.488 Product version: 10.0.19041.488 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: pci.sys OriginalFilename: pci.sys ProductVersion: 10.0.19041.488 FileVersion: 10.0.19041.488 (WinBuild.160101.0800) FileDescription: NT Plug and Play PCI Enumerator LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`80e80000 fffff800`80eb1000 partmgr (deferred) Image path: \SystemRoot\System32\drivers\partmgr.sys Image name: partmgr.sys Timestamp: Sat Aug 06 18:26:06 2016 (57A69C3E) CheckSum: 0002D745 ImageSize: 00031000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80ec0000 fffff800`80f6a000 spaceport (deferred) Image path: \SystemRoot\System32\drivers\spaceport.sys Image name: spaceport.sys Timestamp: ***** Invalid (ABAEDF84) CheckSum: 000B3A4F ImageSize: 000AA000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80f70000 fffff800`80f89000 volmgr (deferred) Image path: \SystemRoot\System32\drivers\volmgr.sys Image name: volmgr.sys Timestamp: Thu Nov 20 06:06:06 2025 (691F204E) CheckSum: 00021FF2 ImageSize: 00019000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`80f90000 fffff800`80ff3000 volmgrx (deferred) Image path: \SystemRoot\System32\drivers\volmgrx.sys Image name: volmgrx.sys Timestamp: Fri Nov 29 10:04:07 2013 (5298D717) CheckSum: 0006AB53 ImageSize: 00063000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81000000 fffff800`8101e000 mountmgr (deferred) Image path: \SystemRoot\System32\drivers\mountmgr.sys Image name: mountmgr.sys Timestamp: Fri May 11 14:20:58 2029 (6FA7424A) CheckSum: 00024BD0 ImageSize: 0001E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81020000 fffff800`810b5000 mvs91xx (deferred) Image path: \SystemRoot\System32\drivers\mvs91xx.sys Image name: mvs91xx.sys Timestamp: Tue Jan 19 21:47:12 2016 (569F1F60) CheckSum: 000577B0 ImageSize: 00095000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`810c0000 fffff800`81170000 storport (deferred) Image path: \SystemRoot\System32\drivers\storport.sys Image name: storport.sys Timestamp: ***** Invalid (8566CB6A) CheckSum: 000B9B99 ImageSize: 000B0000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81180000 fffff800`81188000 mvxxmm (deferred) Image path: \SystemRoot\System32\drivers\mvxxmm.sys Image name: mvxxmm.sys Timestamp: Tue Jan 19 21:46:43 2016 (569F1F43) CheckSum: 0000BA29 ImageSize: 00008000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81190000 fffff800`812bf000 iaStorE (deferred) Image path: \SystemRoot\System32\drivers\iaStorE.sys Image name: iaStorE.sys Timestamp: Mon Jan 13 13:05:06 2020 (5E1CDB82) CheckSum: 00110008 ImageSize: 0012F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`812e0000 fffff800`812fa000 fileinfo (deferred) Image path: \SystemRoot\System32\drivers\fileinfo.sys Image name: fileinfo.sys Timestamp: ***** Invalid (AEE275C2) CheckSum: 0002169B ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81300000 fffff800`81340000 Wof (deferred) Image path: \SystemRoot\System32\Drivers\Wof.sys Image name: Wof.sys Timestamp: ***** Invalid (97F984C4) CheckSum: 0003D008 ImageSize: 00040000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81350000 fffff800`81629000 Ntfs (deferred) Image path: \SystemRoot\System32\Drivers\Ntfs.sys Image name: Ntfs.sys Timestamp: Sun Dec 21 22:54:01 1997 (349E0E89) CheckSum: 002C1FB0 ImageSize: 002D9000 File version: 10.0.19041.508 Product version: 10.0.19041.508 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: ntfs.sys OriginalFilename: ntfs.sys ProductVersion: 10.0.19041.508 FileVersion: 10.0.19041.508 (WinBuild.160101.0800) FileDescription: NT File System Driver LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`81630000 fffff800`8163d000 Fs_Rec (deferred) Image path: \SystemRoot\System32\Drivers\Fs_Rec.sys Image name: Fs_Rec.sys Timestamp: ***** Invalid (B9E5C55C) CheckSum: 00017B4B ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81640000 fffff800`817af000 ndis (deferred) Image path: \SystemRoot\system32\drivers\ndis.sys Image name: ndis.sys Timestamp: ***** Invalid (A3B0E6FE) CheckSum: 0016EB12 ImageSize: 0016F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`817b0000 fffff800`81848000 NETIO (deferred) Image path: \SystemRoot\system32\drivers\NETIO.SYS Image name: NETIO.SYS Timestamp: Wed Jul 22 02:46:16 2015 (55AF7478) CheckSum: 000A160A ImageSize: 00098000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81850000 fffff800`81882000 ksecpkg (deferred) Image path: \SystemRoot\System32\Drivers\ksecpkg.sys Image name: ksecpkg.sys Timestamp: ***** Invalid (EB0A8339) CheckSum: 0002E880 ImageSize: 00032000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81890000 fffff800`81b7c000 tcpip (deferred) Image path: \SystemRoot\System32\drivers\tcpip.sys Image name: tcpip.sys Timestamp: ***** Invalid (9976B086) CheckSum: 002E509B ImageSize: 002EC000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81b80000 fffff800`81bff000 fwpkclnt (deferred) Image path: \SystemRoot\System32\drivers\fwpkclnt.sys Image name: fwpkclnt.sys Timestamp: Wed Dec 18 17:08:15 1985 (1E076A7F) CheckSum: 0007F498 ImageSize: 0007F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81c00000 fffff800`81c30000 wfplwfs (deferred) Image path: \SystemRoot\System32\drivers\wfplwfs.sys Image name: wfplwfs.sys Timestamp: Mon Mar 31 19:31:38 1997 (3340819A) CheckSum: 00035119 ImageSize: 00030000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81c40000 fffff800`81d09000 fvevol (deferred) Image path: \SystemRoot\System32\DRIVERS\fvevol.sys Image name: fvevol.sys Timestamp: Sat Nov 26 02:24:12 1994 (2ED70CCC) CheckSum: 000C5DEF ImageSize: 000C9000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81d10000 fffff800`81d1c000 apmwin (deferred) Image path: \SystemRoot\system32\DRIVERS\apmwin.sys Image name: apmwin.sys Timestamp: Wed Dec 28 01:12:34 2016 (58638202) CheckSum: 00012FAA ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81d20000 fffff800`81d33000 gpt_loader (deferred) Image path: \SystemRoot\system32\DRIVERS\gpt_loader.sys Image name: gpt_loader.sys Timestamp: Wed Dec 28 01:12:24 2016 (586381F8) CheckSum: 00014F27 ImageSize: 00013000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81d40000 fffff800`81d4f000 mounthlp (deferred) Image path: \SystemRoot\system32\DRIVERS\mounthlp.sys Image name: mounthlp.sys Timestamp: Wed Dec 28 01:12:27 2016 (586381FB) CheckSum: 0000FBFA ImageSize: 0000F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81d50000 fffff800`81d5b000 volume (deferred) Image path: \SystemRoot\System32\drivers\volume.sys Image name: volume.sys Timestamp: ***** Invalid (83CF10C9) CheckSum: 000083D7 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81d60000 fffff800`81dcd000 volsnap (deferred) Image path: \SystemRoot\System32\drivers\volsnap.sys Image name: volsnap.sys Timestamp: ***** Invalid (8AFD80F6) CheckSum: 00077353 ImageSize: 0006D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81dd0000 fffff800`81e20000 rdyboost (deferred) Image path: \SystemRoot\System32\drivers\rdyboost.sys Image name: rdyboost.sys Timestamp: Fri Feb 25 08:44:32 2033 (76CA3270) CheckSum: 00048E48 ImageSize: 00050000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81e30000 fffff800`81e56000 mup (deferred) Image path: \SystemRoot\System32\Drivers\mup.sys Image name: mup.sys Timestamp: ***** Invalid (FB1EDB95) CheckSum: 0002B433 ImageSize: 00026000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81e60000 fffff800`81e79000 klupd_KLIF_klbg (deferred) Image path: \SystemRoot\System32\Drivers\klupd_KLIF_klbg.sys Image name: klupd_KLIF_klbg.sys Timestamp: Wed Mar 24 02:58:58 2021 (605B1B72) CheckSum: 000257EF ImageSize: 00019000 File version: 11.7.3.0 Product version: 11.7.3.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Kaspersky Bases InternalName: klbg OriginalFilename: klbg.sys ProductVersion: 11.7.3.0 FileVersion: 11.7.3.0 FileDescription: Kaspersky Lab Boot Guard Driver LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`81e80000 fffff800`81e92000 iorate (deferred) Image path: \SystemRoot\system32\drivers\iorate.sys Image name: iorate.sys Timestamp: ***** Invalid (94A693A6) CheckSum: 0001BF87 ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81ea0000 fffff800`81eab000 iaStorF (deferred) Image path: \SystemRoot\System32\drivers\iaStorF.sys Image name: iaStorF.sys Timestamp: Fri Nov 24 02:31:28 2017 (5A17F500) CheckSum: 00016CC4 ImageSize: 0000B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81ed0000 fffff800`81eec000 disk (deferred) Image path: \SystemRoot\System32\drivers\disk.sys Image name: disk.sys Timestamp: Tue Feb 01 17:11:22 1994 (2D4EFDBA) CheckSum: 00020B81 ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`81ef0000 fffff800`81f5c000 CLASSPNP (deferred) Image path: \SystemRoot\System32\drivers\CLASSPNP.SYS Image name: CLASSPNP.SYS Timestamp: Tue Jun 30 09:16:26 1981 (159F6BEA) CheckSum: 0006AD87 ImageSize: 0006C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82400000 fffff800`824d6000 peauth (deferred) Image path: \SystemRoot\system32\drivers\peauth.sys Image name: peauth.sys Timestamp: Thu Jun 30 12:25:54 1977 (0E1978D2) CheckSum: 000CAE00 ImageSize: 000D6000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`824e0000 fffff800`824fc000 rassstp (deferred) Image path: \SystemRoot\System32\drivers\rassstp.sys Image name: rassstp.sys Timestamp: Fri Feb 01 21:39:06 2002 (3C5B7B7A) CheckSum: 0001D4E6 ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82500000 fffff800`8251d000 NDProxy (deferred) Image path: \SystemRoot\System32\DRIVERS\NDProxy.sys Image name: NDProxy.sys Timestamp: ***** Invalid (D564EC29) CheckSum: 00022253 ImageSize: 0001D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82520000 fffff800`82547000 AgileVpn (deferred) Image path: \SystemRoot\System32\drivers\AgileVpn.sys Image name: AgileVpn.sys Timestamp: ***** Invalid (F4378452) CheckSum: 00023624 ImageSize: 00027000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82550000 fffff800`82568000 uaspstor (deferred) Image path: \SystemRoot\System32\drivers\uaspstor.sys Image name: uaspstor.sys Timestamp: Thu Jun 24 20:11:29 2004 (40DBA5F1) CheckSum: 0001535A ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82570000 fffff800`82589000 klbackupdisk (deferred) Image path: \SystemRoot\system32\DRIVERS\klbackupdisk.sys Image name: klbackupdisk.sys Timestamp: Mon Jan 25 08:51:07 2021 (600EF6FB) CheckSum: 00029377 ImageSize: 00019000 File version: 30.587.0.170 Product version: 30.587.0.170 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klbackupdisk ProductVersion: 30.587.0.170-e30f0c58d6 FileVersion: 30.587.0.170 FileDescription: Backup Disk Filter [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`82590000 fffff800`825c0000 cdrom (deferred) Image path: \SystemRoot\System32\drivers\cdrom.sys Image name: cdrom.sys Timestamp: ***** Invalid (D4B31131) CheckSum: 000346A0 ImageSize: 00030000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`825d0000 fffff800`8265a000 klflt (deferred) Image path: \SystemRoot\system32\DRIVERS\klflt.sys Image name: klflt.sys Timestamp: Fri Feb 19 05:50:35 2021 (602FC22B) CheckSum: 00088DDE ImageSize: 0008A000 File version: 30.587.0.1070 Product version: 30.587.0.1070 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klflt ProductVersion: 30.587.0.1070-a81ac642e3 FileVersion: 30.587.0.1070 FileDescription: Filter Core [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`82660000 fffff800`82691000 klbackupflt (deferred) Image path: \SystemRoot\system32\DRIVERS\klbackupflt.sys Image name: klbackupflt.sys Timestamp: Fri Feb 05 16:46:23 2021 (601DE6DF) CheckSum: 00037AFC ImageSize: 00031000 File version: 30.587.0.810 Product version: 30.587.0.810 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klbackupflt ProductVersion: 30.587.0.810-636fda9fe5 FileVersion: 30.587.0.810 FileDescription: Backup File Filter [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`826a0000 fffff800`826b5000 filecrypt (deferred) Image path: \SystemRoot\system32\drivers\filecrypt.sys Image name: filecrypt.sys Timestamp: Fri Mar 01 03:12:42 2002 (3C7F622A) CheckSum: 0000FEC3 ImageSize: 00015000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`826c0000 fffff800`826ce000 tbs (deferred) Image path: \SystemRoot\system32\drivers\tbs.sys Image name: tbs.sys Timestamp: ***** Invalid (BBC1ED87) CheckSum: 00011119 ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`826d0000 fffff800`827d9000 klif (deferred) Image path: \SystemRoot\system32\DRIVERS\klif.sys Image name: klif.sys Timestamp: Fri Feb 19 05:51:17 2021 (602FC255) CheckSum: 0010D1EF ImageSize: 00109000 File version: 30.587.0.1070 Product version: 30.587.0.1070 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klif ProductVersion: 30.587.0.1070-a81ac642e3 FileVersion: 30.587.0.1070 FileDescription: Core System Interceptors [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`827e0000 fffff800`82856000 ks (deferred) Image path: \SystemRoot\system32\DRIVERS\ks.sys Image name: ks.sys Timestamp: ***** Invalid (F812DE3F) CheckSum: 000751CB ImageSize: 00076000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82860000 fffff800`829df000 klhk (deferred) Image path: \SystemRoot\system32\DRIVERS\klhk.sys Image name: klhk.sys Timestamp: Mon Jan 25 08:51:13 2021 (600EF701) CheckSum: 0015F58F ImageSize: 0017F000 File version: 30.587.0.170 Product version: 30.587.0.170 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klhk ProductVersion: 30.587.0.170-e30f0c58d6 FileVersion: 30.587.0.170 FileDescription: klhk [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`829e0000 fffff800`82a0b000 pacer (deferred) Image path: \SystemRoot\System32\drivers\pacer.sys Image name: pacer.sys Timestamp: ***** Invalid (FECCC466) CheckSum: 0003603B ImageSize: 0002B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82a40000 fffff800`82a5e000 crashdmp (deferred) Image path: \SystemRoot\System32\Drivers\crashdmp.sys Image name: crashdmp.sys Timestamp: ***** Invalid (9A19AF81) CheckSum: 0002129E ImageSize: 0001E000 File version: 10.0.19041.1 Product version: 10.0.19041.1 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: crashdmp.sys OriginalFilename: crashdmp.sys ProductVersion: 10.0.19041.1 FileVersion: 10.0.19041.1 (WinBuild.160101.0800) FileDescription: Crash Dump Driver LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`82ae0000 fffff800`82b1a000 ndiswan (deferred) Image path: \SystemRoot\System32\drivers\ndiswan.sys Image name: ndiswan.sys Timestamp: ***** Invalid (88F100F4) CheckSum: 0003FFCA ImageSize: 0003A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82b20000 fffff800`82b57000 klupd_KLIF_mark (deferred) Image path: \SystemRoot\System32\Drivers\klupd_KLIF_mark.sys Image name: klupd_KLIF_mark.sys Timestamp: Wed Mar 24 02:34:52 2021 (605B15CC) CheckSum: 0003EA59 ImageSize: 00037000 File version: 6.6.3.0 Product version: 6.6.3.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Kaspersky Bases InternalName: mark OriginalFilename: mark.sys ProductVersion: 6.6.3.0 FileVersion: 6.6.3.0 FileDescription: Kaspersky Lab Anti-Rootkit Memory Driver LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`82b60000 fffff800`82b9c000 klupd_KLIF_swmon (deferred) Image path: \SystemRoot\System32\Drivers\klupd_KLIF_swmon.sys Image name: klupd_KLIF_swmon.sys Timestamp: Thu Aug 19 08:36:35 2021 (611E8893) CheckSum: 00047C85 ImageSize: 0003C000 File version: 1.12.5.0 Product version: 1.12.5.0 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Kaspersky Bases InternalName: swmon OriginalFilename: swmon.sys ProductVersion: 1.12.5.0 FileVersion: 1.12.5.0 FileDescription: Kaspersky Lab System Watcher Monitor Driver LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`82bb0000 fffff800`82bc4000 ndiscap (deferred) Image path: \SystemRoot\System32\drivers\ndiscap.sys Image name: ndiscap.sys Timestamp: ***** Invalid (DCEEC70E) CheckSum: 0001C38B ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82bd0000 fffff800`82be4000 netbios (deferred) Image path: \SystemRoot\system32\drivers\netbios.sys Image name: netbios.sys Timestamp: Fri Nov 12 13:10:06 2021 (618ED82E) CheckSum: 0001A9AF ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82c00000 fffff800`82fa4000 dxgkrnl (deferred) Image path: \SystemRoot\System32\drivers\dxgkrnl.sys Image name: dxgkrnl.sys Timestamp: ***** Invalid (B20216B8) CheckSum: 0039F5F1 ImageSize: 003A4000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82fb0000 fffff800`82fc8000 watchdog (deferred) Image path: \SystemRoot\System32\drivers\watchdog.sys Image name: watchdog.sys Timestamp: Fri Jun 16 16:44:59 2006 (4493508B) CheckSum: 000222BD ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82fd0000 fffff800`82fe6000 BasicDisplay (deferred) Image path: \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_62ba5773ba05edee\BasicDisplay.sys Image name: BasicDisplay.sys Timestamp: ***** Invalid (A2092B45) CheckSum: 0001C212 ImageSize: 00016000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`82ff0000 fffff800`83001000 BasicRender (deferred) Image path: \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_49a8589f00d970d9\BasicRender.sys Image name: BasicRender.sys Timestamp: ***** Invalid (EE8C9717) CheckSum: 00016443 ImageSize: 00011000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83010000 fffff800`83017000 DamewareMini (deferred) Image path: \SystemRoot\System32\drivers\DamewareMini.sys Image name: DamewareMini.sys Timestamp: Sun Mar 16 10:42:28 2008 (47DD6A14) CheckSum: 0000921C ImageSize: 00007000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83020000 fffff800`83035000 VIDEOPRT (deferred) Image path: \SystemRoot\System32\drivers\VIDEOPRT.SYS Image name: VIDEOPRT.SYS Timestamp: Thu Jan 18 03:16:03 1979 (11047A73) CheckSum: 000159DE ImageSize: 00015000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83040000 fffff800`8305c000 Npfs (deferred) Image path: \SystemRoot\System32\Drivers\Npfs.SYS Image name: Npfs.SYS Timestamp: ***** Invalid (9E3E4C73) CheckSum: 000192F7 ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83060000 fffff800`83071000 Msfs (deferred) Image path: \SystemRoot\System32\Drivers\Msfs.SYS Image name: Msfs.SYS Timestamp: ***** Invalid (95155DF1) CheckSum: 0001A9B5 ImageSize: 00011000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83080000 fffff800`8309b000 CimFS (deferred) Image path: \SystemRoot\System32\Drivers\CimFS.SYS Image name: CimFS.SYS Timestamp: Sun Nov 15 00:49:44 2037 (7FAA9D28) CheckSum: 00018CE5 ImageSize: 0001B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`830a0000 fffff800`830c4000 klwfp (deferred) Image path: \SystemRoot\system32\DRIVERS\klwfp.sys Image name: klwfp.sys Timestamp: ***** Invalid (EB577675) CheckSum: 0002CDC2 ImageSize: 00024000 File version: 30.587.0.170 Product version: 30.587.0.170 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klwfp ProductVersion: 30.587.0.170-e30f0c58d6 FileVersion: 30.587.0.170 FileDescription: WFP Network Filter [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`830d0000 fffff800`830f2000 tdx (deferred) Image path: \SystemRoot\system32\DRIVERS\tdx.sys Image name: tdx.sys Timestamp: Thu Oct 03 22:47:28 1991 (28EC0E80) CheckSum: 000273F3 ImageSize: 00022000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83100000 fffff800`83110000 TDI (deferred) Image path: \SystemRoot\system32\DRIVERS\TDI.SYS Image name: TDI.SYS Timestamp: ***** Invalid (D1AD2BD4) CheckSum: 0000D19A ImageSize: 00010000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83120000 fffff800`83135000 klim6 (deferred) Image path: \SystemRoot\system32\DRIVERS\klim6.sys Image name: klim6.sys Timestamp: ***** Invalid (D15AC501) CheckSum: 0002025E ImageSize: 00015000 File version: 30.587.0.930 Product version: 30.587.0.930 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klim6 ProductVersion: 30.587.0.930-ef5965511c FileVersion: 30.587.0.930 FileDescription: Packet Network Filter [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`83140000 fffff800`8315a000 vwififlt (deferred) Image path: \SystemRoot\System32\drivers\vwififlt.sys Image name: vwififlt.sys Timestamp: Wed Jan 06 23:07:33 2010 (4B458835) CheckSum: 0001814D ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83170000 fffff800`83212000 klgse (deferred) Image path: \SystemRoot\system32\DRIVERS\klgse.sys Image name: klgse.sys Timestamp: Mon Feb 08 07:51:31 2021 (60215E03) CheckSum: 000A7591 ImageSize: 000A2000 File version: 30.587.0.830 Product version: 30.587.0.830 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klgse ProductVersion: 30.587.0.830-2713fb5b5d FileVersion: 30.587.0.830 FileDescription: Security Extender [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`83220000 fffff800`83232000 klpd (deferred) Image path: \SystemRoot\system32\DRIVERS\klpd.sys Image name: klpd.sys Timestamp: Mon Jan 25 08:51:07 2021 (600EF6FB) CheckSum: 0001F6D9 ImageSize: 00012000 File version: 30.587.0.170 Product version: 30.587.0.170 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klpd ProductVersion: 30.587.0.170-e30f0c58d6 FileVersion: 30.587.0.170 FileDescription: Format Recognizer [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners Page 20001f64b too large to be in the dump file. fffff800`83240000 fffff800`8324a000 Null (deferred) Image path: \SystemRoot\System32\Drivers\Null.SYS Image name: Null.SYS Page 20001f64b too large to be in the dump file. Timestamp: unavailable (FFFFFFFE) CheckSum: missing ImageSize: 0000A000 Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. Page 20001f64b too large to be in the dump file. fffff800`83250000 fffff800`8325a000 Beep (deferred) Image path: \SystemRoot\System32\Drivers\Beep.SYS Image name: Beep.SYS Timestamp: ***** Invalid (E4AC8238) CheckSum: 00008685 ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83260000 fffff800`8326d000 dwvkbd64 (deferred) Image path: \SystemRoot\system32\DRIVERS\dwvkbd64.sys Image name: dwvkbd64.sys Timestamp: Wed Apr 11 13:22:37 2007 (461D519D) CheckSum: 0000A755 ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83270000 fffff800`832cc000 netbt (deferred) Image path: \SystemRoot\System32\DRIVERS\netbt.sys Image name: netbt.sys Timestamp: ***** Invalid (8908830E) CheckSum: 000553BD ImageSize: 0005C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`832d0000 fffff800`832e3000 afunix (deferred) Image path: \SystemRoot\system32\drivers\afunix.sys Image name: afunix.sys Timestamp: ***** Invalid (9501F0D8) CheckSum: 00018987 ImageSize: 00013000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`832f0000 fffff800`83393000 afd (deferred) Image path: \SystemRoot\system32\drivers\afd.sys Image name: afd.sys Timestamp: ***** Invalid (CC0C9B73) CheckSum: 000A334A ImageSize: 000A3000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`833a0000 fffff800`833eb000 klwtp (deferred) Image path: \SystemRoot\system32\DRIVERS\klwtp.sys Image name: klwtp.sys Timestamp: ***** Invalid (F54B0C36) CheckSum: 0005B951 ImageSize: 0004B000 File version: 30.587.0.590 Product version: 30.587.0.590 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klwtp ProductVersion: 30.587.0.590-5f439758d8 FileVersion: 30.587.0.590 FileDescription: WFP Network Connection Filter Driver [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`83400000 fffff800`83412000 nsiproxy (deferred) Image path: \SystemRoot\system32\drivers\nsiproxy.sys Image name: nsiproxy.sys Timestamp: ***** Invalid (E65AB811) CheckSum: 0001515A ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83420000 fffff800`8342e000 npsvctrig (deferred) Image path: \SystemRoot\System32\drivers\npsvctrig.sys Image name: npsvctrig.sys Timestamp: Sun Jan 05 18:41:12 2025 (677B42C8) CheckSum: 000119D3 ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83430000 fffff800`83440000 mssmbios (deferred) Image path: \SystemRoot\System32\drivers\mssmbios.sys Image name: mssmbios.sys Timestamp: Thu Mar 17 08:26:02 2022 (6233611A) CheckSum: 0000DD1D ImageSize: 00010000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83450000 fffff800`83499000 kneps (deferred) Image path: \SystemRoot\system32\DRIVERS\kneps.sys Image name: kneps.sys Timestamp: ***** Invalid (CEAE8F0E) CheckSum: 00049AF2 ImageSize: 00049000 File version: 30.587.0.460 Product version: 30.587.0.460 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: kneps ProductVersion: 30.587.0.460-f74872ca72 FileVersion: 30.587.0.460 FileDescription: Network Processor [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`834f0000 fffff800`834fa000 gpuenergydrv (deferred) Image path: \SystemRoot\System32\drivers\gpuenergydrv.sys Image name: gpuenergydrv.sys Timestamp: ***** Invalid (F10C03D8) CheckSum: 00009EA6 ImageSize: 0000A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83500000 fffff800`8352c000 dfsc (deferred) Image path: \SystemRoot\System32\Drivers\dfsc.sys Image name: dfsc.sys Timestamp: ***** Invalid (F5D01020) CheckSum: 00031317 ImageSize: 0002C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83530000 fffff800`83545000 tcpipreg (deferred) Image path: \SystemRoot\System32\drivers\tcpipreg.sys Image name: tcpipreg.sys Timestamp: Fri May 11 20:43:31 1973 (0651E2F3) CheckSum: 0001BF67 ImageSize: 00015000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83550000 fffff800`83567000 bam (deferred) Image path: \SystemRoot\system32\drivers\bam.sys Image name: bam.sys Timestamp: Fri Mar 26 23:41:44 2010 (4BADB6B8) CheckSum: 00019328 ImageSize: 00017000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83570000 fffff800`835be000 ahcache (deferred) Image path: \SystemRoot\system32\DRIVERS\ahcache.sys Image name: ahcache.sys Timestamp: Tue Mar 26 11:33:15 2019 (5C9A7E7B) CheckSum: 00052E71 ImageSize: 0004E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`835c0000 fffff800`835d4000 kbdclass (deferred) Image path: \SystemRoot\System32\drivers\kbdclass.sys Image name: kbdclass.sys Timestamp: Mon Mar 25 01:20:10 1996 (3156654A) CheckSum: 0001CE1A ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`835e0000 fffff800`835f2000 CompositeBus (deferred) Image path: \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys Image name: CompositeBus.sys Timestamp: Wed Oct 28 00:32:02 2026 (6AE1B302) CheckSum: 00015BD2 ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83600000 fffff800`8360d000 kdnic (deferred) Image path: \SystemRoot\System32\drivers\kdnic.sys Image name: kdnic.sys Timestamp: ***** Invalid (9401D3B8) CheckSum: 000178DD ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83610000 fffff800`83625000 umbus (deferred) Image path: \SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys Image name: umbus.sys Timestamp: ***** Invalid (E7B4847E) CheckSum: 0001394F ImageSize: 00015000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83630000 fffff800`8375f000 dump_iaStorE (deferred) Image path: \SystemRoot\System32\drivers\dump_iaStorE.sys Image name: dump_iaStorE.sys Timestamp: Mon Jan 13 13:05:06 2020 (5E1CDB82) CheckSum: 00110008 ImageSize: 0012F000 File version: 6.3.0.1022 Product version: 6.3.0.1022 File flags: 8 (Mask 3F) Private File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Intel Corporation ProductName: Intel Virtual RAID on CPUdriver InternalName: iaStor.sys OriginalFilename: iaStor.sys ProductVersion: 6.3.0.1022 FileVersion: 6.3.0.1022 PrivateBuild: 6.3.0.1022 SpecialBuild: 6.3.0.1022 FileDescription: Intel Virtual RAID on CPUdriver - x64 LegalCopyright: Copyright(C) Intel Corporation 1994-2019 LegalTrademarks: Copyright(C) Intel Corporation 1994-2019 Comments: -x64 fffff800`83760000 fffff800`83841000 dxgmms2 (deferred) Image path: \SystemRoot\System32\drivers\dxgmms2.sys Image name: dxgmms2.sys Timestamp: Thu Apr 09 16:03:45 1970 (00828561) CheckSum: 000EB4C5 ImageSize: 000E1000 File version: 10.0.19041.508 Product version: 10.0.19041.508 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: dxgmms2.sys OriginalFilename: dxgmms2.sys ProductVersion: 10.0.19041.508 FileVersion: 10.0.19041.508 (WinBuild.160101.0800) FileDescription: DirectX Graphics MMS LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`83850000 fffff800`83886000 wcifs (deferred) Image path: \SystemRoot\system32\drivers\wcifs.sys Image name: wcifs.sys Timestamp: Sun Jan 31 18:32:49 2027 (6B5FEED1) CheckSum: 0004091A ImageSize: 00036000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83890000 fffff800`83910000 cldflt (deferred) Image path: \SystemRoot\system32\drivers\cldflt.sys Image name: cldflt.sys Timestamp: Thu Mar 20 15:36:50 2003 (3E7A5092) CheckSum: 0007EBD7 ImageSize: 00080000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83920000 fffff800`83947000 tsusbhub (deferred) Image path: \SystemRoot\System32\drivers\tsusbhub.sys Image name: tsusbhub.sys Timestamp: Sun Dec 06 01:15:32 2020 (5FCCA134) CheckSum: 0002CCCD ImageSize: 00027000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83950000 fffff800`83977000 bindflt (deferred) Image path: \SystemRoot\system32\drivers\bindflt.sys Image name: bindflt.sys Timestamp: ***** Invalid (E3483DD4) CheckSum: 0002F4EE ImageSize: 00027000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83980000 fffff800`839a5000 bowser (deferred) Image path: \SystemRoot\system32\DRIVERS\bowser.sys Image name: bowser.sys Timestamp: ***** Invalid (EDAC6813) CheckSum: 00024E4F ImageSize: 00025000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`839b0000 fffff800`83a06000 msquic (deferred) Image path: \SystemRoot\system32\drivers\msquic.sys Image name: msquic.sys Timestamp: ***** Invalid (DE688303) CheckSum: 0005615F ImageSize: 00056000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83a10000 fffff800`83aa3000 mrxsmb (deferred) Image path: \SystemRoot\system32\DRIVERS\mrxsmb.sys Image name: mrxsmb.sys Timestamp: ***** Invalid (CDB159C0) CheckSum: 0008D9C7 ImageSize: 00093000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83ab0000 fffff800`83af5000 mrxsmb20 (deferred) Image path: \SystemRoot\system32\DRIVERS\mrxsmb20.sys Image name: mrxsmb20.sys Timestamp: ***** Invalid (C5AEA72C) CheckSum: 0004D662 ImageSize: 00045000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83b00000 fffff800`83b13000 condrv (deferred) Image path: \SystemRoot\System32\drivers\condrv.sys Image name: condrv.sys Timestamp: ***** Invalid (B47B2254) CheckSum: 0001B87D ImageSize: 00013000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83b20000 fffff800`83b72000 srvnet (deferred) Image path: \SystemRoot\System32\DRIVERS\srvnet.sys Image name: srvnet.sys Timestamp: Sat Aug 04 03:40:17 2001 (3B6BDF21) CheckSum: 000539AC ImageSize: 00052000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83b80000 fffff800`83c47000 srv2 (deferred) Image path: \SystemRoot\System32\DRIVERS\srv2.sys Image name: srv2.sys Timestamp: ***** Invalid (EE8E2F4F) CheckSum: 000C31D2 ImageSize: 000C7000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83c50000 fffff800`83c68000 lltdio (deferred) Image path: \SystemRoot\system32\drivers\lltdio.sys Image name: lltdio.sys Timestamp: ***** Invalid (D4D91B57) CheckSum: 00012B46 ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83c70000 fffff800`83c8b000 rspndr (deferred) Image path: \SystemRoot\system32\drivers\rspndr.sys Image name: rspndr.sys Timestamp: ***** Invalid (9E43BCCD) CheckSum: 000194E8 ImageSize: 0001B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83c90000 fffff800`83cad000 wanarp (deferred) Image path: \SystemRoot\System32\DRIVERS\wanarp.sys Image name: wanarp.sys Timestamp: Wed Dec 08 07:58:18 1976 (0D0C481A) CheckSum: 0001B428 ImageSize: 0001D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83cb0000 fffff800`83cca000 mpsdrv (deferred) Image path: \SystemRoot\System32\drivers\mpsdrv.sys Image name: mpsdrv.sys Timestamp: Thu Nov 03 06:07:36 1977 (0EBF3D28) CheckSum: 00019727 ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83cd0000 fffff800`83e56000 HTTP (deferred) Image path: \SystemRoot\system32\drivers\HTTP.sys Image name: HTTP.sys Timestamp: Sat Aug 09 12:01:22 2003 (3F355312) CheckSum: 0018B770 ImageSize: 00186000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83e60000 fffff800`83e6f000 ndistapi (deferred) Image path: \SystemRoot\System32\DRIVERS\ndistapi.sys Image name: ndistapi.sys Timestamp: Mon Aug 10 20:11:42 1987 (211E997E) CheckSum: 0001530C ImageSize: 0000F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83e70000 fffff800`83e84000 mmcss (deferred) Image path: \SystemRoot\system32\drivers\mmcss.sys Image name: mmcss.sys Timestamp: ***** Invalid (A1F3B590) CheckSum: 000108D9 ImageSize: 00014000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83e90000 fffff800`83ee2000 mrxsmb10 (deferred) Image path: \SystemRoot\system32\DRIVERS\mrxsmb10.sys Image name: mrxsmb10.sys Timestamp: ***** Invalid (ABA1F2CF) CheckSum: 0005A30C ImageSize: 00052000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83ef0000 fffff800`83f17000 Ndu (deferred) Image path: \SystemRoot\system32\drivers\Ndu.sys Image name: Ndu.sys Timestamp: ***** Invalid (ABC6C894) CheckSum: 000213E1 ImageSize: 00027000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83f20000 fffff800`83fb4000 srv (deferred) Image path: \SystemRoot\System32\DRIVERS\srv.sys Image name: srv.sys Timestamp: Mon Mar 31 20:28:23 1997 (33408EE7) CheckSum: 0006E57C ImageSize: 00094000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`83fc0000 fffff800`84061000 Vid (deferred) Image path: \SystemRoot\System32\drivers\Vid.sys Image name: Vid.sys Timestamp: ***** Invalid (D8B48452) CheckSum: 000AB1EA ImageSize: 000A1000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`84070000 fffff800`84091000 winhvr (deferred) Image path: \SystemRoot\System32\drivers\winhvr.sys Image name: winhvr.sys Timestamp: ***** Invalid (C1F13DBD) CheckSum: 0001EA8A ImageSize: 00021000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`840a0000 fffff800`840b5000 klpnpflt (deferred) Image path: \SystemRoot\system32\DRIVERS\klpnpflt.sys Image name: klpnpflt.sys Timestamp: Mon Jan 25 08:51:08 2021 (600EF6FC) CheckSum: 0002062B ImageSize: 00015000 File version: 30.587.0.170 Product version: 30.587.0.170 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klpnpflt ProductVersion: 30.587.0.170-e30f0c58d6 FileVersion: 30.587.0.170 FileDescription: Generic PnP filter [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`840c0000 fffff800`840d7000 klfltdev (deferred) Image path: \SystemRoot\system32\DRIVERS\klfltdev.sys Image name: klfltdev.sys Timestamp: Mon Jan 25 08:51:08 2021 (600EF6FC) CheckSum: 00021681 ImageSize: 00017000 File version: 30.587.0.170 Product version: 30.587.0.170 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: AO Kaspersky Lab ProductName: Coretech Delivery InternalName: klfltdev ProductVersion: 30.587.0.170-e30f0c58d6 FileVersion: 30.587.0.170 FileDescription: PnP Device Filter [fre_win7_x64] LegalCopyright: © 2021 AO Kaspersky Lab. All Rights Reserved. LegalTrademarks: Registered trademarks and service marks are the property of their respective owners fffff800`840e0000 fffff800`8415b000 rdbss (deferred) Image path: \SystemRoot\system32\DRIVERS\rdbss.sys Image name: rdbss.sys Timestamp: Sat Jul 10 02:51:55 2010 (4C3850CB) CheckSum: 0007E4B9 ImageSize: 0007B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`84160000 fffff800`841f4000 csc (deferred) Image path: \SystemRoot\system32\drivers\csc.sys Image name: csc.sys Timestamp: Thu Sep 22 14:17:30 1994 (2E82027A) CheckSum: 00091932 ImageSize: 00094000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85400000 fffff800`85444000 ucx01000 (deferred) Image path: \SystemRoot\system32\drivers\ucx01000.sys Image name: ucx01000.sys Timestamp: Wed Mar 07 16:31:05 1979 (11447CC9) CheckSum: 0004DFDA ImageSize: 00044000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85450000 fffff800`85484000 TeeDriverW8x64 (deferred) Image path: \SystemRoot\System32\drivers\TeeDriverW8x64.sys Image name: TeeDriverW8x64.sys Timestamp: Sun Nov 19 03:39:59 2017 (5A116D8F) CheckSum: 0003F054 ImageSize: 00034000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85490000 fffff800`85526000 e1d68x64 (deferred) Image path: \SystemRoot\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_26255692c8b1c6b6\e1d68x64.sys Image name: e1d68x64.sys Timestamp: Tue Sep 29 07:11:02 2020 (5F734E86) CheckSum: 00099A08 ImageSize: 00096000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85530000 fffff800`8554a000 usbehci (deferred) Image path: \SystemRoot\System32\drivers\usbehci.sys Image name: usbehci.sys Timestamp: Mon Jan 08 08:10:05 1979 (10F7905D) CheckSum: 000239DC ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85550000 fffff800`855c9000 USBPORT (deferred) Image path: \SystemRoot\System32\drivers\USBPORT.SYS Image name: USBPORT.SYS Timestamp: Sat Nov 03 06:27:44 2029 (708EDB60) CheckSum: 0007822B ImageSize: 00079000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`855d0000 fffff800`855f1000 i8042prt (deferred) Image path: \SystemRoot\System32\drivers\i8042prt.sys Image name: i8042prt.sys Timestamp: Wed Apr 03 23:16:01 2013 (515D28B1) CheckSum: 00022B0C ImageSize: 00021000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85600000 fffff800`8561c000 serial (deferred) Image path: \SystemRoot\System32\drivers\serial.sys Image name: serial.sys Timestamp: Wed Apr 19 02:23:01 2017 (58F73A85) CheckSum: 0001B585 ImageSize: 0001C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85620000 fffff800`8562f000 serenum (deferred) Image path: \SystemRoot\System32\drivers\serenum.sys Image name: serenum.sys Timestamp: ***** Invalid (A5178D42) CheckSum: 00009616 ImageSize: 0000F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85630000 fffff800`8563c000 wmiacpi (deferred) Image path: \SystemRoot\System32\drivers\wmiacpi.sys Image name: wmiacpi.sys Timestamp: Wed Aug 19 05:20:44 2009 (4A8BFC2C) CheckSum: 0000CC2F ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85640000 fffff800`85680000 intelppm (deferred) Image path: \SystemRoot\System32\drivers\intelppm.sys Image name: intelppm.sys Timestamp: Tue Jun 14 02:18:00 2016 (575FD9D8) CheckSum: 00047AB7 ImageSize: 00040000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85690000 fffff800`856a0000 XtuAcpiDriver (deferred) Image path: \SystemRoot\System32\drivers\XtuAcpiDriver.sys Image name: XtuAcpiDriver.sys Timestamp: Thu Mar 05 16:20:30 2020 (5E61974E) CheckSum: 0001DB9D ImageSize: 00010000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`856b0000 fffff800`856bd000 NdisVirtualBus (deferred) Image path: \SystemRoot\System32\drivers\NdisVirtualBus.sys Image name: NdisVirtualBus.sys Timestamp: ***** Invalid (A7AE93D1) CheckSum: 00014F1D ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`856c0000 fffff800`856cc000 swenum (deferred) Image path: \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys Image name: swenum.sys Timestamp: ***** Invalid (E117266B) CheckSum: 000082C9 ImageSize: 0000C000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`856d0000 fffff800`856de000 rdpbus (deferred) Image path: \SystemRoot\System32\drivers\rdpbus.sys Image name: rdpbus.sys Timestamp: ***** Invalid (84DFD52A) CheckSum: 000106CE ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`856e0000 fffff800`85765000 usbhub (deferred) Image path: \SystemRoot\System32\drivers\usbhub.sys Image name: usbhub.sys Timestamp: Mon Apr 24 01:59:16 2017 (58FDCC74) CheckSum: 00084516 ImageSize: 00085000 File version: 10.0.19041.1 Product version: 10.0.19041.1 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: usbhub.sys OriginalFilename: usbhub.sys ProductVersion: 10.0.19041.1 FileVersion: 10.0.19041.1 (WinBuild.160101.0800) FileDescription: Default Hub Driver for USB LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`85770000 fffff800`8577e000 USBD (deferred) Image path: \SystemRoot\System32\drivers\USBD.SYS Image name: USBD.SYS Timestamp: Wed Feb 02 14:47:35 2033 (76AC3507) CheckSum: 0000FFB7 ImageSize: 0000E000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85780000 fffff800`857b8000 nvhda64v (deferred) Image path: \SystemRoot\system32\drivers\nvhda64v.sys Image name: nvhda64v.sys Timestamp: Tue Jun 09 10:01:25 2020 (5EDFCE75) CheckSum: 0003B8F0 ImageSize: 00038000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`857c0000 fffff800`857cf000 ksthunk (deferred) Image path: \SystemRoot\system32\drivers\ksthunk.sys Image name: ksthunk.sys Timestamp: Thu Apr 25 06:23:02 1991 (2816E646) CheckSum: 00007961 ImageSize: 0000F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`857d0000 fffff800`85873000 UsbHub3 (deferred) Image path: \SystemRoot\System32\drivers\UsbHub3.sys Image name: UsbHub3.sys Timestamp: ***** Invalid (FDA30E83) CheckSum: 000AC346 ImageSize: 000A3000 File version: 10.0.19041.264 Product version: 10.0.19041.264 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: usbhub3.sys OriginalFilename: usbhub3.sys ProductVersion: 10.0.19041.264 FileVersion: 10.0.19041.264 (WinBuild.160101.0800) FileDescription: USB3 HUB Driver LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`85880000 fffff800`85e5e000 RTKVHD64 (deferred) Image path: \SystemRoot\system32\drivers\RTKVHD64.sys Image name: RTKVHD64.sys Timestamp: Thu Sep 24 02:20:38 2020 (5F6C72F6) CheckSum: 005EDBA6 ImageSize: 005DE000 File version: 6.0.9035.1 Product version: 6.0.9035.1 File flags: 8 (Mask 3F) Private File OS: 40004 NT Win32 File type: 3.9 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Realtek Semiconductor Corp. ProductName: Realtek(r) High Definition Audio Function Driver InternalName: RTKVHD64.sys 9035 OriginalFilename: RTKVHD64.sys ProductVersion: 6.0.9035.1 FileVersion: 6.0.9035.1 built by: WinDDK FileDescription: Realtek(r) High Definition Audio Function Driver LegalCopyright: Copyright (c) Realtek Semiconductor Corp.1998-2013 fffff800`85e60000 fffff800`85e78000 mslldp (deferred) Image path: \SystemRoot\system32\drivers\mslldp.sys Image name: mslldp.sys Timestamp: Wed Aug 07 19:50:12 2030 (71FCC6F4) CheckSum: 00016923 ImageSize: 00018000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85e80000 fffff800`85e92000 hidusb (deferred) Image path: \SystemRoot\System32\drivers\hidusb.sys Image name: hidusb.sys Timestamp: ***** Invalid (A66785A7) CheckSum: 000170ED ImageSize: 00012000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85ea0000 fffff800`85edf000 HIDCLASS (deferred) Image path: \SystemRoot\System32\drivers\HIDCLASS.SYS Image name: HIDCLASS.SYS Timestamp: ***** Invalid (A07210A7) CheckSum: 0003DA22 ImageSize: 0003F000 File version: 10.0.19041.1 Product version: 10.0.19041.1 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 2.0 Dll File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: hidclass.sys OriginalFilename: hidclass.sys ProductVersion: 10.0.19041.1 FileVersion: 10.0.19041.1 (WinBuild.160101.0800) FileDescription: Hid Class Library LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`85ee0000 fffff800`85ef3000 HIDPARSE (deferred) Image path: \SystemRoot\System32\drivers\HIDPARSE.SYS Image name: HIDPARSE.SYS Timestamp: Wed Aug 27 17:20:06 1997 (3404D246) CheckSum: 00016359 ImageSize: 00013000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85f00000 fffff800`85f10000 mouhid (deferred) Image path: \SystemRoot\System32\drivers\mouhid.sys Image name: mouhid.sys Timestamp: ***** Invalid (E502FBD9) CheckSum: 000173E5 ImageSize: 00010000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85f20000 fffff800`85f33000 mouclass (deferred) Image path: \SystemRoot\System32\drivers\mouclass.sys Image name: mouclass.sys Timestamp: Tue Jan 07 02:19:56 2003 (3E1AA9CC) CheckSum: 00019679 ImageSize: 00013000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`85f50000 fffff800`85f5e000 dump_diskdump (deferred) Image path: \SystemRoot\System32\Drivers\dump_diskdump.sys Image name: dump_diskdump.sys Timestamp: ***** Invalid (95F39C8A) CheckSum: 0000B16B ImageSize: 0000E000 File version: 10.0.19041.1 Product version: 10.0.19041.1 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: diskdump.sys OriginalFilename: diskdump.sys ProductVersion: 10.0.19041.1 FileVersion: 10.0.19041.1 (WinBuild.160101.0800) FileDescription: Crash Dump Disk Driver LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`860b0000 fffff800`860cd000 dump_dumpfve (deferred) Image path: \SystemRoot\System32\Drivers\dump_dumpfve.sys Image name: dump_dumpfve.sys Timestamp: Thu Oct 05 10:32:17 2023 (651F0131) CheckSum: 00022E48 ImageSize: 0001D000 File version: 10.0.19041.1 Product version: 10.0.19041.1 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0000.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: dumpfve.sys OriginalFilename: dumpfve.sys ProductVersion: 10.0.19041.1 FileVersion: 10.0.19041.1 (WinBuild.160101.0800) FileDescription: Bitlocker Drive Encryption Crashdump Filter LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`860d0000 fffff800`860eb000 monitor (deferred) Image path: \SystemRoot\System32\drivers\monitor.sys Image name: monitor.sys Timestamp: Wed May 01 10:30:47 1985 (1CD682D7) CheckSum: 0001751B ImageSize: 0001B000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`860f0000 fffff800`860fd000 rdpvideominiport (deferred) Image path: \SystemRoot\System32\drivers\rdpvideominiport.sys Image name: rdpvideominiport.sys Timestamp: Sun Jul 12 11:13:17 1981 (15AF594D) CheckSum: 00015381 ImageSize: 0000D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`86100000 fffff800`8612f000 rdpdr (deferred) Image path: \SystemRoot\System32\drivers\rdpdr.sys Image name: rdpdr.sys Timestamp: ***** Invalid (9EEF34DA) CheckSum: 0002BAD1 ImageSize: 0002F000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`86130000 fffff800`86159000 luafv (deferred) Image path: \SystemRoot\system32\drivers\luafv.sys Image name: luafv.sys Timestamp: Sat Jan 23 18:15:51 2016 (56A433D7) CheckSum: 00030A3A ImageSize: 00029000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`86160000 fffff800`8726d000 nvlddmkm (deferred) Image path: \SystemRoot\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys Image name: nvlddmkm.sys Timestamp: Fri Mar 23 15:02:22 2018 (5AB5877E) CheckSum: 010C6B80 ImageSize: 0110D000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`87270000 fffff800`87295000 HDAudBus (deferred) Image path: \SystemRoot\System32\drivers\HDAudBus.sys Image name: HDAudBus.sys Timestamp: Wed Nov 17 21:08:44 2021 (6195DFDC) CheckSum: 000268EC ImageSize: 00025000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`872a0000 fffff800`87306000 portcls (deferred) Image path: \SystemRoot\System32\drivers\portcls.sys Image name: portcls.sys Timestamp: Mon Dec 23 15:28:58 2002 (3E079C3A) CheckSum: 0006B23D ImageSize: 00066000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`87310000 fffff800`87331000 drmk (deferred) Image path: \SystemRoot\System32\drivers\drmk.sys Image name: drmk.sys Timestamp: ***** Invalid (92B1AC47) CheckSum: 0001A51A ImageSize: 00021000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 fffff800`87340000 fffff800`873d8000 USBXHCI (deferred) Image path: \SystemRoot\System32\drivers\USBXHCI.SYS Image name: USBXHCI.SYS Timestamp: Sun Aug 07 06:37:42 1994 (2E44F1B6) CheckSum: 0009CD76 ImageSize: 00098000 File version: 10.0.19041.488 Product version: 10.0.19041.488 File flags: 0 (Mask 3F) File OS: 40004 NT Win32 File type: 3.7 Driver File date: 00000000.00000000 Translations: 0409.04b0 CompanyName: Microsoft Corporation ProductName: Microsoft® Windows® Operating System InternalName: usbxhci.sys OriginalFilename: usbxhci.sys ProductVersion: 10.0.19041.488 FileVersion: 10.0.19041.488 (WinBuild.160101.0800) FileDescription: USB XHCI Driver LegalCopyright: © Microsoft Corporation. All rights reserved. fffff800`873e0000 fffff800`873fa000 storqosflt (deferred) Image path: \SystemRoot\system32\drivers\storqosflt.sys Image name: storqosflt.sys Timestamp: Mon Apr 09 10:08:30 2007 (461A811E) CheckSum: 00025AFB ImageSize: 0001A000 Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4 Unloaded modules: fffff800`834a0000 fffff800`834e2000 klids.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00042000 fffff800`82ac0000 fffff800`82add000 raspppoe.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0001D000 fffff800`82a90000 fffff800`82ab2000 raspptp.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00022000 fffff800`82a60000 fffff800`82a82000 rasl2tp.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00022000 fffff800`83160000 fffff800`8316e000 WSDPrint.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0000E000 fffff800`7eb70000 fffff800`7eb7f000 WpdUpFltr.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0000F000 fffff800`7eb10000 fffff800`7eb65000 WUDFRd.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00055000 fffff800`7eb80000 fffff800`7eb9d000 EhStorClass.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0001D000 fffff800`7f280000 fffff800`7f29d000 EhStorClass.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0001D000 fffff800`82550000 fffff800`82569000 uaspstor.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00019000 fffff800`7ed60000 fffff800`7ed7d000 EhStorClass.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0001D000 fffff800`834a0000 fffff800`834e2000 klids.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00042000 fffff800`83e60000 fffff800`83e6d000 csvol.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0000D000 fffff800`82a70000 fffff800`82a7f000 dump_storport.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0000F000 fffff800`82400000 fffff800`82530000 dump_iaStorE.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00130000 fffff800`82550000 fffff800`8256e000 dump_dumpfve.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0001E000 fffff800`85e60000 fffff800`85e79000 uaspstor.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00019000 fffff800`812c0000 fffff800`812dd000 EhStorClass.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0001D000 fffff800`83530000 fffff800`8354c000 dam.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0001C000 fffff800`80c50000 fffff800`80c5f000 klelam.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 0000F000 fffff800`81eb0000 fffff800`81ec1000 hwpolicy.sys Timestamp: unavailable (00000000) Checksum: 00000000 ImageSize: 00011000 6: kd> q quit: