# Pastebin Xg6nLqH6 Microsoft (R) Windows Debugger Version 10.0.19494.1001 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Users\IEUser\MEMORY.DMP] Kernel Bitmap Dump File: Full address space is available Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 17763 UP Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 17763.1.amd64fre.rs5_release.180914-1434 Machine Name: Kernel base = 0xfffff805`46a03000 PsLoadedModuleList = 0xfffff805`46e1e690 Debug session time: Tue Nov 26 12:43:49.479 2019 (UTC - 8:00) System Uptime: 0 days 0:01:31.336 Loading Kernel Symbols .....................................Page 20000cc9a too large to be in the dump file. Page 200061e99 too large to be in the dump file. .......................... ................................................................ ..................................... Loading User Symbols ................................................................ ................................................................ ................................................................ ................................................................ . Loading unloaded module list .................. For analysis of this file, run !analyze -v nt!KeBugCheckEx: fffff805`46bb7050 48894c2408 mov qword ptr [rsp+8],rcx ss:ffffae82`2c9ee790=000000000000001e kd> !analyze -v ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* KMODE_EXCEPTION_NOT_HANDLED (1e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: ffffffffc0000005, The exception code that was not handled Arg2: fffff80546a88c27, The address that the exception occurred at Arg3: 0000000000000000, Parameter 0 of the exception Arg4: ffffffffffffffff, Parameter 1 of the exception Debugging Details: ------------------ Page 20000cc9a too large to be in the dump file. Page 200061e99 too large to be in the dump file. KEY_VALUES_STRING: 1 Key : Analysis.CPU.Sec Value: 2 Key : Analysis.DebugAnalysisProvider.CPP Value: Create: 8007007e on MSEDGEWIN10 Key : Analysis.DebugData Value: CreateObject Key : Analysis.DebugModel Value: CreateObject Key : Analysis.Elapsed.Sec Value: 15 Key : Analysis.Memory.CommitPeak.Mb Value: 85 Key : Analysis.System Value: CreateObject VIRTUAL_MACHINE: VirtualBox BUGCHECK_CODE: 1e BUGCHECK_P1: ffffffffc0000005 BUGCHECK_P2: fffff80546a88c27 BUGCHECK_P3: 0 BUGCHECK_P4: ffffffffffffffff READ_ADDRESS: ffffffffffffffff EXCEPTION_PARAMETER2: ffffffffffffffff BLACKBOXBSD: 1 (!blackboxbsd) PROCESS_NAME: explorer.exe IRP_ADDRESS: ffff9c02ffffff89 STACK_TEXT: ffffae82`2c9ee788 fffff805`46c910ae : 00000000`0000001e ffffffff`c0000005 fffff805`46a88c27 00000000`00000000 : nt!KeBugCheckEx ffffae82`2c9ee790 fffff805`46bbfb5f : fffff805`46ee6000 fffff805`46a03000 0005bce0`00a70000 00000000`0010001f : nt!KiFatalExceptionHandler+0x22 ffffae82`2c9ee7d0 fffff805`46b18450 : ffffae82`2c9eee20 00000000`00000000 ffffae82`2c9eed40 fffff805`46db49a0 : nt!RtlpExecuteHandlerForException+0xf ffffae82`2c9ee800 fffff805`46a25c24 : ffffae82`2c9ef738 ffffae82`2c9ef480 ffffae82`2c9ef738 fffff805`45ce1180 : nt!RtlDispatchException+0x430 ffffae82`2c9eef50 fffff805`46bc89c2 : ffff9c03`1f9eaac0 fffff805`46a850ad ffff9c03`25591d1b 00000000`00000000 : nt!KiDispatchException+0x144 ffffae82`2c9ef600 fffff805`46bc484b : ffff9c03`25b5ef08 ffffffff`ffffffff 00000001`ffffffff fffffff6`00000001 : nt!KiExceptionDispatch+0xc2 ffffae82`2c9ef7e0 fffff805`46a88c27 : 00000000`fa901420 fffff805`46ac1ef1 00000000`0006f320 fffff80a`00000001 : nt!KiGeneralProtectionFault+0x30b ffffae82`2c9ef970 fffff805`46a84e21 : ffff9c03`25cf34d0 ffff9c03`00000000 ffffae82`2c9efb19 00000000`00000000 : nt!KiTryUnwaitThread+0x67 ffffae82`2c9ef9d0 fffff805`46adf17d : ffff9c03`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!IopCompleteRequest+0x1041 ffffae82`2c9efac0 fffff805`46bbb24b : 00000000`00000000 00000000`00000000 ffff9c03`00000000 ffff9c03`25b5edb0 : nt!KiDeliverApc+0x19d ffffae82`2c9efb80 fffff805`46acd3c1 : 00000000`00004000 ffffae82`2c9efee0 ffffb9dc`ee773000 ffff8000`00000000 : nt!KiApcInterrupt+0x2db ffffae82`2c9efd10 fffff805`46acb294 : 00000000`c000000d 00000000`00000000 fffff805`4a3af320 fffff805`4a3af320 : nt!MiUnlockWorkingSetShared+0xb1 ffffae82`2c9efd40 fffff805`46bc4bc9 : 00000000`00000000 00000000`00000001 fffff805`4a340000 00000000`00000000 : nt!MmAccessFault+0x224 ffffae82`2c9efee0 fffff805`46ff5290 : ffff9c03`261f3040 ffff9c03`2681fa08 00000000`00054580 ffff8000`00000000 : nt!KiPageFault+0x349 ffffae82`2c9f0070 fffff805`46ff441c : fffff805`4a340000 00000000`00000022 00000000`00000000 00000000`00088000 : nt!MiParseImageLoadConfig+0x154 ffffae82`2c9f03e0 fffff805`4704f2a1 : ffffae82`2c9f0840 ffffae82`2c9f0840 ffffae82`2c9f0660 ffffae82`2c9f0840 : nt!MiRelocateImage+0x2e0 ffffae82`2c9f0560 fffff805`47004ace : ffff9c03`26f89640 ffffae82`2c9f0840 ffffae82`2c9f0840 00000000`00000002 : nt!MiCreateNewSection+0x399 ffffae82`2c9f06d0 fffff805`4700400e : ffffae82`2c9f0700 ffffcb83`70e5f8d0 ffff9c03`26f89640 00000000`00000000 : nt!MiCreateImageOrDataSection+0x2fe ffffae82`2c9f07c0 fffff805`47003dd8 : ffffae82`2c9f09b8 00000000`11000000 ffffae82`2c9f0b80 00000000`00000001 : nt!MiCreateSection+0x10e ffffae82`2c9f0940 fffff805`47003bd4 : 00000000`02b7df60 fffff805`00000001 00000000`00000000 00000000`00000001 : nt!MiCreateSectionCommon+0x1f8 ffffae82`2c9f0a20 fffff805`46bc8305 : ffff9c03`25454080 fffff805`00000000 ffff9c03`25454080 ffffae82`2c9f0b80 : nt!NtCreateSection+0x54 ffffae82`2c9f0a90 00007ffb`fc3a00a4 : 00007ffb`f9942cae 00000000`00000005 00000000`00000001 ffffffff`00000060 : nt!KiSystemServiceCopyEnd+0x25 00000000`02b7df18 00007ffb`f9942cae : 00000000`00000005 00000000`00000001 ffffffff`00000060 00000000`00000000 : ntdll!NtCreateSection+0x14 00000000`02b7df20 00007ffb`f9942402 : 00000000`00000000 00000000`00002874 00000000`00000000 00000000`00000000 : KERNEL32!BasepGetExeArchType+0x9e 00000000`02b7e020 00007ffb`f9941d8e : 00000000`00000000 00000000`0d7d2c50 00000000`00000000 00000000`00000000 : KERNEL32!BasepCheckAppCompat+0x42 00000000`02b7e0c0 00007ffb`f87ea98a : 00000000`00000400 00000000`00000200 00000000`00000200 00000000`00000000 : KERNEL32!CheckElevation+0x8e 00000000`02b7e190 00007ffb`f87ea78d : 00000000`00000000 00000000`00000000 00007ffb`f8c21f78 00007ffb`f9a5d0e0 : windows_storage!AicCheckAdminApp+0x2e 00000000`02b7e1d0 00007ffb`f88c1247 : 00000000`0d7d3250 00000000`0d7d3250 00000000`02b7e300 00000000`00000202 : windows_storage!IsElevationRequired+0xdd 00000000`02b7e220 00007ffb`f8816099 : 00000000`00000000 00000000`02b7e3b0 00000000`0d75d930 00000000`00000000 : windows_storage!CFSFolderExtractIcon::_GetIconLocationW+0xa8097 00000000`02b7e260 00007ffb`f87aebc9 : 00000000`02b7e6f8 00000000`0d3585a0 ffffffff`fffffffe 00000000`00000000 : windows_storage!CExtractIconBase::GetIconLocation+0x29 00000000`02b7e2b0 00007ffb`f87af18e : 0000a000`46c31bba 0000a000`46c31bba 00000000`00000000 00000000`0d75d930 : windows_storage!_GetILIndexGivenPXIcon+0x85 00000000`02b7e760 00007ffb`f87b2214 : 00000000`ffffffff 00007ffb`f8f78662 00000000`08ff6c70 00000000`ffffffff : windows_storage!_GetILIndexFromItem+0x7e 00000000`02b7e800 00007ffb`f87b2b10 : 00000000`00000000 00000000`02b7e940 00000000`0d5c5460 00000000`00000000 : windows_storage!SHGetIconIndexFromPIDL+0x50 00000000`02b7e840 00007ffb`f87b2248 : 00000000`0d40f170 00007ffb`f8f78662 00000000`0d6dc930 00000000`02b7f510 : windows_storage!CFSFolder::GetIconOf+0x1e0 00000000`02b7f3e0 00007ffb`f87aee42 : 00000000`0d5c5460 00000000`02b7f510 00000000`0d75d930 00000000`00000200 : windows_storage!SHGetIconIndexFromPIDL+0x84 00000000`02b7f420 00007ffb`f8765041 : 00000000`0d4832a0 00000000`0d5179d0 00000000`0d4832a0 00000000`02b7f510 : windows_storage!MapIDListToIconILIndex+0x5a 00000000`02b7f4a0 00007ffb`f880ced1 : 00000000`00000000 00000000`0d5179d0 00000000`0d41d300 00000000`00000000 : windows_storage!CLoadSystemIconTask::InternalResumeRT+0x121 00000000`02b7f540 00007ffb`f87fd9bc : 00000000`00001108 00000000`0d41d400 00000000`0d41d3f0 00000000`0000000b : windows_storage!CRunnableTask::Run+0xc1 00000000`02b7f590 00007ffb`f87fd675 : 00000000`0d49f300 ffffffff`fffffffe 00000000`0d4178d0 ffffffff`fffffffe : windows_storage!CShellTask::TT_Run+0x3c 00000000`02b7f5c0 00007ffb`f87fd555 : 00000000`0d49f300 00000000`0d49f300 00000000`00000000 00000000`00000000 : windows_storage!CShellTaskThread::ThreadProc+0xdd 00000000`02b7f670 00007ffb`fbff2ac6 : 00007ffb`fbfc0000 00000000`7ffe0386 000095e8`3722cd0d 00000000`00a7f6d8 : windows_storage!CShellTaskThread::s_ThreadProc+0x35 00000000`02b7f6a0 00007ffb`fc3721c5 : 00000000`09a3dab0 00000000`7ffe0386 00000000`00000000 00000000`00000011 : shcore!ExecuteWorkItemThreadProc+0x16 00000000`02b7f6d0 00007ffb`fc3505c4 : 00000000`00000000 00000000`0dd068d0 00007ffb`fbff2ab0 00000000`00a7f6d8 : ntdll!RtlpTpWorkCallback+0x165 00000000`02b7f7b0 00007ffb`f9957974 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x644 00000000`02b7faa0 00007ffb`fc36a271 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14 00000000`02b7fad0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21 SYMBOL_NAME: nt!KiTryUnwaitThread+67 MODULE_NAME: nt IMAGE_NAME: ntkrnlmp.exe STACK_COMMAND: .thread ; .cxr ; kb BUCKET_ID_FUNC_OFFSET: 67 FAILURE_BUCKET_ID: 0x1E_c0000005_R_nt!KiTryUnwaitThread OS_VERSION: 10.0.17763.1 BUILDLAB_STR: rs5_release OSPLATFORM_TYPE: x64 OSNAME: Windows 10 FAILURE_ID_HASH: {4abda1ba-718c-fcea-57ff-6e531adb2ce2} Followup: MachineOwner ---------