Talos Vulnerability Report

TALOS-2019-0845

Intel IGC64.DLL shader functionality DCL_INDEXABLE_TEMP denial-of-service vulnerability

November 13, 2019
CVE Number

CVE-2019-14574

Summary

An exploitable memory corruption vulnerability exists in Intel's IGC64.DLL graphics driver, versions 26.20.100.6709 and 26.20.100.6861. A specially crafted pixel shader can cause an out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Tested Versions

Intel icg64.dll (Intel Graphics Shader Compiler for Intel(R) Graphics Accelerator), versions 26.20.100.6709 and 26.20.100.6861 VMware Workstation 15 (15.0.4 build-12990004), with Windows 10 x64 as guestVM

Product URLs

http://intel.com http://vmware.com

CVSSv3 Score

8.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-125: Out-of-bounds Read

Details

This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). Such an attack can be triggered from VMware guest usermode to cause a denial-of-service attack due to an out-of-bounds read in Intel's igc64 driver (mapped and executed inside the vmware-vmx.exe process on the host), or theoretically through WEBGL (remote website).

Example of shader modification:

ps_4_0
00000000: 0x000000a4 - 0x000000b4 dcl_constant_buffer cb0[3].xyzw, immediateIndexed
00000001: 0x000000b4 - 0x000000c4 dcl_indexable_temp x1[3], 4
00000002: 0x000000c4 - 0x000000d4 dcl_indexable_temp x2[3], 4
...
00000366: 0x0000274c - 0x00002770 LEN:0036 mov x24334[1].xyzw, l(0, 0, 0, 0)

The DCL_INDEXABLE_TEMP instruction declares an indexable, temporary, register. When this register is not declared properly and further instructions make reference to it (like the instruction "MOV X24334[1].XYZW" does), it causes an exception in Intel's igc64 driver due to out ouf bounds read operation. As presented in the crash dump fragment below, the read value is "0xbaadf00dbaadf00d", which typically indicates that an uninitialized meemory region was read (this is a mark of uninitialised allocated heap memory on Windows).

VMware release mode crash dump fragment:

0:011> .ecxr
rax=0000000000000002 rbx=000000000017c383 rcx=000000000c519460
rdx=0000000000000002 rsi=0000000000000002 rdi=000000000017c383
rip=00007ffb204bbdc5 rsp=000000000d25aec0 rbp=000000000d25af29
 r8=000000001097b980  r9=000000001097bec0 r10=000000000017c383
r11=000000000c519460 r12=0000000000000170 r13=0000000010d38868
r14=0000000000000000 r15=000000000c51cb80
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
igc64!OpenCompiler12+0x55135:
00007ffb`204bbdc5 80781010        cmp     byte ptr [rax+10h],10h ds:00000000`00000012=??

Native machine crash dump fragment:

0:005> r
rax=baadf00dbaadf00d rbx=000000000017c383 rcx=000001f68dbab340
rdx=baadf00dbaadf00d rsi=000001f68dbb9300 rdi=000001f68dbb9b30
rip=00007ffb204bbc44 rsp=000000d64e4fe190 rbp=000000d64e4fe1f9
 r8=000001f68dbd23e0  r9=000001f68dbd2920 r10=000000000017c383
r11=000001f68dbab340 r12=0000000000000170 r13=000001f68dbab140
r14=0000000000000000 r15=baadf00dbaadf00d
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
igc64!OpenCompiler12+0x54fb4:
00007ffb`204bbc44 80781010        cmp     byte ptr [rax+10h],10h ds:baadf00d`baadf01d=??

Stack trace:

0:011> kb
  *** Stack trace for last set context - .thread/.cxr resets it
 # RetAddr           : Args to Child                                                           : Call Site
00 00007ffb`204bd1a5 : 00000001`00000003 00007ffb`00000000 00000000`0017c383 00000000`0d25bb50 : igc64!OpenCompiler12+0x55135
01 00007ffb`204c582e : 00000000`00000003 00000000`10e70a90 00000000`00000000 00000004`00000170 : igc64!OpenCompiler12+0x56515
02 00007ffb`204b132d : 00000000`00000170 00000000`00000000 00000000`10d38860 00000000`00000100 : igc64!OpenCompiler12+0x5eb9e
03 00007ffb`20490789 : 00007ffb`204e3550 00000000`0d25b250 00007ffb`204d3700 00000000`00000000 : igc64!OpenCompiler12+0x4a69d
04 00007ffb`2048c57e : 00007ffb`1fac03c0 00007ffb`204c8e80 00007ffb`1fac0301 00000000`10d38860 : igc64!OpenCompiler12+0x29af9
05 00007ffb`2048c200 : 00007ffb`204cb420 00000000`00000000 00000000`0d25c540 00000000`0d25c670 : igc64!OpenCompiler12+0x258ee
06 00007ffb`2048c0b4 : 00000000`1964a79c 00000000`00000000 00000000`10d38860 00000000`1095ac70 : igc64!OpenCompiler12+0x25570
07 00007ffb`2046b54a : 00000000`0c54e030 00000000`0c506d10 00000000`0c54e030 00000000`00000000 : igc64!OpenCompiler12+0x25424
08 00007ffb`2046a840 : 00000000`00000000 00000000`0d25c800 00000000`0d25c670 00000000`0c51cbe0 : igc64!OpenCompiler12+0x48ba
09 00007ffb`2046c1f3 : 00000000`1964a79c 00007ffb`243c3898 00000000`1964a79c 00007ffb`243c3b05 : igc64!OpenCompiler12+0x3bb0
0a 00007ffb`23b23f65 : 00000000`10ae3bd0 00000000`00000001 00000000`0d25c890 00007ffb`243dbb5c : igc64!OpenCompiler12+0x5563
0b 00007ffb`24460966 : 00000000`10ae4210 00000000`00000000 00000000`10ae3bd0 00000000`0d25cb28 : igd10iumd64!OpenAdapter10_2+0x21625
0c 00007ffb`2cbdb11d : 00000000`00000000 00000000`10ae3bb8 00000000`0c4aa2a0 00000000`00000000 : igd10iumd64!OpenAdapter10_2+0x95e026
0d 00007ffb`2cbd4eab : 00000000`1964a79c 00000000`0c4aa2a0 00000000`10ae3bb8 00000000`00000000 : d3d11!CPixelShader::CLS::FinalConstruct+0x219
0e 00007ffb`2cbd4dc3 : 00000000`0d25e690 00007ffb`2cdb3b10 00000000`10ae3a50 00000000`00000000 : d3d11!CLayeredObjectWithCLS<CPixelShader>::FinalConstruct+0xa3
0f 00007ffb`2cbe7665 : 00000000`10ae3ab0 00000000`0d25e690 00000000`0d25e6c0 00007ffb`2cdb3b10 : d3d11!CLayeredObjectWithCLS<CPixelShader>::CreateInstance+0x14b
10 00007ffb`2cbecac6 : 00000000`00000000 00000000`00000030 00000000`00000000 00000000`00000030 : d3d11!CDevice::CreateLayeredChild+0x975
11 00007ffb`2cbed3c0 : 00000000`10ae3a50 00000000`1099b908 00007ffb`2cdb30e8 00000000`00000030 : d3d11!NDXGI::CDevice::CreateLayeredChild+0x266
12 00007ffb`2cbcca83 : 00000000`03320530 00000000`00000009 00000000`03320d68 00007ffb`2cbcaa43 : d3d11!NOutermost::CDevice::CreateLayeredChild+0x1b0
13 00007ffb`2cbca976 : 00000000`1964a700 00000000`0000b000 00000000`0d25eab9 00000000`00000000 : d3d11!CDevice::CreateAndRecreateLayeredChild<SD3D11LayeredPixelShaderCreationArgs>+0x5f
14 00007ffb`2cbca768 : 00000000`03320d68 00000000`1964a700 00000000`00007804 00000000`00000000 : d3d11!CDevice::CreatePixelShader_Worker+0x202
15 00007ff7`aebe8802 : 00000000`10d30020 00007ff7`ae930000 00007ff7`ae930000 00000000`02170600 : d3d11!CDevice::CreatePixelShader+0x28
16 00007ff7`aebea0e5 : 00000000`10d30020 00007ff7`ae930000 00007ff7`ae930000 00000000`03320588 : vmware_vmx+0x2b8802
17 00007ff7`aebe8f62 : 00000000`10d37fa0 00007ff7`ae930000 00000000`10d30020 00000000`10d30020 : vmware_vmx+0x2ba0e5
18 00007ff7`aebe5451 : 00000000`fffe4000 00000000`10d30020 00000000`00000003 00000000`10aeef00 : vmware_vmx+0x2b8f62
19 00007ff7`aeb3eec9 : 00007ff7`aeb3ee00 00000000`10aeeef0 00000000`00000028 00007ff7`aec23e50 : vmware_vmx+0x2b5451
1a 00007ff7`aead29d2 : 00000000`00000040 00007ff7`aeb3ee00 00000000`0d25fd60 00000000`00000028 : vmware_vmx+0x20eec9
1b 00007ff7`aead0a9f : 00000000`0d25fe80 00000000`00000040 00000000`00000000 00000000`00000001 : vmware_vmx+0x1a29d2
1c 00007ff7`aea265a0 : 00000000`02170600 00000000`021706e0 00000000`00000001 00000000`00000000 : vmware_vmx+0x1a0a9f
1d 00007ff7`aef4c7b0 : 00007ff7`aea26480 00000000`00000000 00000000`00000000 00000000`00000000 : vmware_vmx+0xf65a0
1e 00007ffb`30c981f4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : vmware_vmx+0x61c7b0
1f 00007ffb`33a7a251 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
20 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

Crash Information

From vmware-vmx.exe (this is not a windbg crash dump):

2019-05-20T10:00:11.961+02:00| svga| W115: ----Win32 exception detected, exceptionCode 0xc0000005 (access violation)----
2019-05-20T10:00:11.961+02:00| svga| W115: ExceptionAddress 0x7ffb204bbdc5 eflags 0x00010246
2019-05-20T10:00:11.962+02:00| svga| W115: rwFlags 0 badAddr 0x12
2019-05-20T10:00:11.962+02:00| svga| W115: rax 0x2 rbx 0x17c383 rcx 0xc519460
2019-05-20T10:00:11.962+02:00| svga| W115: rdx 0x2 rsi 0x2 rdi 0x17c383
2019-05-20T10:00:11.962+02:00| svga| W115: r8 0x1097b980 r9 0x1097bec0 r10 0x17c383
2019-05-20T10:00:11.962+02:00| svga| W115: r11 0xc519460 r12 0x170 r13 0x10d38868
2019-05-20T10:00:11.962+02:00| svga| W115: r14 0 r15 0xc51cb80
2019-05-20T10:00:11.962+02:00| svga| W115: rip 0x7ffb204bbdc5 rsp 0xd25aec0 rbp 0xd25af29
2019-05-20T10:00:11.962+02:00| svga| W115: LastBranchToRip 0 LastBranchFromRip 0
2019-05-20T10:00:11.962+02:00| svga| W115: LastExceptionToRip 0 LastExceptionFromRip 0
2019-05-20T10:00:11.962+02:00| svga| W115: The following data was delivered with the exception:
2019-05-20T10:00:11.962+02:00| svga| W115:  -- 0
2019-05-20T10:00:11.962+02:00| svga| W115:  -- 0x12
2019-05-20T10:00:11.962+02:00| svga| I125: CoreDump: Minidump file J:\lab_vm\Nowy folder\vmware-vmx.dmp exists. Rotating ...
2019-05-20T10:00:11.963+02:00| svga| W115: CoreDump: Writing minidump to J:\lab_vm\Nowy folder\vmware-vmx.dmp
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ff7ae930000 size 0x0x0124d000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x00f675c1 timestamp 0x5c9991d2
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Program Files (x86)\VMware\VMware Workstation\x64\vmware-vmx.exe
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 15.0.4.45173
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb33a10000 size 0x0x001ed000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x001eafeb timestamp 0xca65c822
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\ntdll.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb30c80000 size 0x0x000b3000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x000ba1fb timestamp 0xb9780d03
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\kernel32.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.379
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb309a0000 size 0x0x00293000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x0029a1cc timestamp 0xd620e319
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\KERNELBASE.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fed0000 size 0x0x000fa000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x0010370e timestamp 0x26a80883
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\ucrtbase.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb31c00000 size 0x0x00197000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x0019e334 timestamp 0x5960d576
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\user32.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.168
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2feb0000 size 0x0x00020000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x000230fc timestamp 0xff141dbb
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\win32u.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb30e70000 size 0x0x00029000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x000274e8 timestamp 0xaa866dfc
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\gdi32.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb1b800000 size 0x0x00015000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x00017b21 timestamp 0x5be33079
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\VCRUNTIME140.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 14.16.27024.1
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2ffd0000 size 0x0x0019a000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x00198842 timestamp 0x894f6837
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\gdi32full.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.316
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fd60000 size 0x0x000a0000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x000a22bb timestamp 0x448f33c2
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\msvcp_win.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb317d0000 size 0x0x00155000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x001617b3 timestamp 0x47d4d9b6
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\ole32.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.134
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb33460000 size 0x0x0032d000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x0033012c timestamp 0x027b41b1
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\combase.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.253
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb311c0000 size 0x0x00122000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x00124564 timestamp 0x28d25d35
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\rpcrt4.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.379
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb30170000 size 0x0x0007e000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x000897e0 timestamp 0xe29631ca
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\bcryptPrimitives.dll
2019-05-20T10:00:12.149+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.149+02:00| svga| I125: CoreDump: including module base 0x0x7ffb30d40000 size 0x0x000a3000
2019-05-20T10:00:12.149+02:00| svga| I125:   checksum 0x000a4051 timestamp 0xb12069f9
2019-05-20T10:00:12.149+02:00| svga| I125:   image file C:\Windows\System32\advapi32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb33870000 size 0x0x0009e000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000a6576 timestamp 0x05c26c69
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\msvcrt.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 7.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb31930000 size 0x0x0009e000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000a9176 timestamp 0x7d59184a
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\sechost.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb31da0000 size 0x0x014f0000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x01517832 timestamp 0x6a056922
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\shell32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fae0000 size 0x0x0004a000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0004f3eb timestamp 0xca7e64ca
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\cfgmgr32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb31110000 size 0x0x000a8000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000a6bc1 timestamp 0x9a0e77eb
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\SHCore.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb30250000 size 0x0x0074a000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00757f75 timestamp 0x9d1c32d4
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\windows.storage.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fa10000 size 0x0x00024000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0002ec08 timestamp 0x36191177
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\profapi.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fa40000 size 0x0x0005d000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0006167d timestamp 0x8941f3e3
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\powrprof.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb31770000 size 0x0x00052000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0005be0c timestamp 0x4392c932
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\shlwapi.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fac0000 size 0x0x00011000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0001c039 timestamp 0xbe88784d
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\kernel.appcore.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fb30000 size 0x0x00017000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0001f088 timestamp 0xfe800ac7
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\cryptsp.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb312f0000 size 0x0x00475000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x004807ee timestamp 0xc7383b9a
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\setupapi.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.292
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fb50000 size 0x0x00026000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0002f670 timestamp 0x4d019572
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\bcrypt.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb33790000 size 0x0x0006d000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0006d338 timestamp 0x4ee4fbbf
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\ws2_32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb33910000 size 0x0x000cb000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000cc6ea timestamp 0xb6f5b941
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\oleaut32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.292
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2fb80000 size 0x0x001db000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x001de80e timestamp 0xb2fbbe58
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\crypt32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2faa0000 size 0x0x00012000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0001b8e7 timestamp 0xac91a4b2
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\msasn1.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2dcb0000 size 0x0x00024000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00029b8b timestamp 0x01dd0441
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\winmm.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffafc880000 size 0x0x00096000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00097a6b timestamp 0x807cb1be
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\dsound.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2dc80000 size 0x0x0002d000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000313bc timestamp 0x61c36296
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\winmmbase.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2a4e0000 size 0x0x000f1000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000f88bb timestamp 0xe38b05c0
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\winhttp.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.316
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb28550000 size 0x0x00041000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00040f64 timestamp 0xc2c19daa
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\WinSCard.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2c600000 size 0x0x00013000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000141f8 timestamp 0x645d63a8
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\wtsapi32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x53ca0000 size 0x0x0001a000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00025128 timestamp 0x5b281fdf
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Program Files (x86)\VMware\VMware Workstation\x64\zlib1.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 1.2.11.0
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2f7c0000 size 0x0x00029000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00035933 timestamp 0x38fddd55
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\devobj.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb30c50000 size 0x0x0002e000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000306da timestamp 0x6b207046
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\imm32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2e030000 size 0x0x0009c000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00098b0d timestamp 0x4b037c22
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\uxtheme.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2ead0000 size 0x0x00031000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000360d6 timestamp 0x376a9861
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\ntmarta.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x53a50000 size 0x0x0024b000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00250d79 timestamp 0x5c0d2810
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Program Files (x86)\VMware\VMware Workstation\x64\libeay32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 1.0.2.17
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffaf74e0000 size 0x0x0005d000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0006be35 timestamp 0x5c0d281f
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Program Files (x86)\VMware\VMware Workstation\x64\ssleay32.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 1.0.2.17
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2edf0000 size 0x0x00033000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x00039b84 timestamp 0xeb037b86
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\rsaenh.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2f400000 size 0x0x0000c000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0000d582 timestamp 0x210d2d73
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\CRYPTBASE.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2f940000 size 0x0x0002f000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000339df timestamp 0xebd3b7f6
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\sspicli.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2f230000 size 0x0x00067000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0006982f timestamp 0x9cffe601
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\mswsock.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.292
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2efd0000 size 0x0x000c6000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x000c7c00 timestamp 0x33466d5f
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\dnsapi.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.292
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb33800000 size 0x0x00008000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0000c1ee timestamp 0x7ace72dc
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\nsi.dll
2019-05-20T10:00:12.150+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.150+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2ef90000 size 0x0x0003d000
2019-05-20T10:00:12.150+02:00| svga| I125:   checksum 0x0003b254 timestamp 0x55458551
2019-05-20T10:00:12.150+02:00| svga| I125:   image file C:\Windows\System32\IPHLPAPI.DLL
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb21f70000 size 0x0x0000a000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0000ec91 timestamp 0x389781ac
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\rasadhlp.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb30fd0000 size 0x0x000a2000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x000a9f48 timestamp 0xaaba4fa9
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\clbcatq.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 2001.12.10941.16384
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb18ed0000 size 0x0x00011000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0000bb8c timestamp 0x80ed95b9
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\wbem\wbemprox.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb1b4e0000 size 0x0x00085000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x000821c7 timestamp 0x264de62a
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\wbemcomn.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb16030000 size 0x0x00014000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x00015c08 timestamp 0x42167f4e
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\wbem\wbemsvc.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb17670000 size 0x0x000f1000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x000f6195 timestamp 0xc27bfeee
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\wbem\fastprox.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb30c40000 size 0x0x00008000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x00009082 timestamp 0x43f78f9f
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\psapi.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb1b910000 size 0x0x001ed000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x001d72c0 timestamp 0x05f0e9a4
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\dbghelp.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb332f0000 size 0x0x0016a000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0016bce2 timestamp 0x6fda36d1
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\msctf.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2f810000 size 0x0x00058000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0005f200 timestamp 0xd1e21847
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\winsta.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffaf7340000 size 0x0x00066000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x00061b53 timestamp 0x9ff9e1ff
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\SensorsApi.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.168
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2b600000 size 0x0x0001e000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x00021e5c timestamp 0xbbb5f881
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\SensorsUtilsV2.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb1d9e0000 size 0x0x00024000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x00023855 timestamp 0xabdcae8a
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\SensorsNativeApi.V2.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2c220000 size 0x0x001a8000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x001b32e3 timestamp 0x70304c01
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\propsys.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 7.0.17763.348
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffaf7e70000 size 0x0x00030000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x00032b59 timestamp 0x91d63955
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\PortableDeviceTypes.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb00ae0000 size 0x0x00036000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0003e09f timestamp 0x2c0d51d2
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\deviceaccess.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb301f0000 size 0x0x00059000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0005ee01 timestamp 0xd51e499a
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\wintrust.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.348
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2e360000 size 0x0x0002e000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x000380b6 timestamp 0xb90c6519
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\dwmapi.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb12c30000 size 0x0x00045000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x000440d7 timestamp 0xeb7bdbd0
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\bthprops.cpl
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb126b0000 size 0x0x00279000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0027595e timestamp 0x36ff017d
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.379_none_05b83be8071c94a1\comctl32.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 6.10.17763.379
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb0ad10000 size 0x0x000ad000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x000a8b32 timestamp 0x700dafec
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\mscms.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2f910000 size 0x0x00028000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0002961f timestamp 0xbbcbf3a2
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\userenv.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb11970000 size 0x0x00010000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0000eeb8 timestamp 0xb5672678
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\ColorAdapterClient.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb1d990000 size 0x0x00043000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0004a1f9 timestamp 0xa5d2ba3f
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\icm32.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2cbb0000 size 0x0x0027e000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0028c849 timestamp 0x13a31007
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\d3d11.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2e790000 size 0x0x000c2000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x000c506d timestamp 0x6b3e2414
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\dxgi.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb23b00000 size 0x0x013b9000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x01436fe0 timestamp 0x5ca29d0f
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_98079b1a931ddb0d\igd10iumd64.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 26.20.100.6709
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2f500000 size 0x0x00026000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x00027614 timestamp 0xb8fe18e6
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\ncrypt.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb2f4c0000 size 0x0x0003c000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0004318b timestamp 0x6f58dff3
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\ntasn1.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb23650000 size 0x0x0011d000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x001296b4 timestamp 0x5ca29a45
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_98079b1a931ddb0d\igdgmm64.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 26.20.100.6709
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb1fa50000 size 0x0x021e7000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0229d05a timestamp 0x5ca29ddc
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_98079b1a931ddb0d\igc64.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 26.20.100.6709
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: including module base 0x0x7ffb1b040000 size 0x0x0002a000
2019-05-20T10:00:12.151+02:00| svga| I125:   checksum 0x0003488c timestamp 0x590c013e
2019-05-20T10:00:12.151+02:00| svga| I125:   image file C:\Windows\System32\dbgcore.dll
2019-05-20T10:00:12.151+02:00| svga| I125:   file version 10.0.17763.1
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: Including thread 18912
2019-05-20T10:00:12.151+02:00| svga| I125: CoreDump: Including thread 6672
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 17136
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 92
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 1240
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 416
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 1196
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 12540
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 17668
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 2120
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 15896
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 6332
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 13520
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 10632
2019-05-20T10:00:12.152+02:00| svga| I125: CoreDump: Including thread 1400

Timeline

2019-06-05 - Vendor Disclosure
2019-07-31 - 30+ day follow up
2019-08-07 - Vendor request for disclosure date extension granted
2019-09-23 - Mitigations implemented and CVE assigned
2019-11-12 - Public disclosure release

Credit

Discovered by Piotr Bania of Cisco Talos.