Talos Vulnerability Report

TALOS-2019-0937

AMD ATI Radeon ATIDXX64.DLL MAD shader functionality denial-of-service vulnerability

January 21, 2020
CVE Number

CVE-2019-5146

Summary

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host.

Tested Versions

AMD ATIDXX64.DLL (26.20.13025.10004) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM

Product URLs

http://amd.com http://vmware.com

CVSSv3 Score

8.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-125: Out-of-bounds Read

Details

This vulnerability can be triggered by supplying a malformed pixel shader (inside VMware guest OS). This type of attack can be triggered from from VMware guest usermode to cause an out-of-bounds read in the vmware-vmx.exe process on host, or theoretically through WEBGL (remote website).

Example shader:

ps_4_1
dcl_global_flags refactoringAllowed
dcl_constant_buffer cb0[5].xyzw, immediateIndexed
dcl_resource_texture2d resource[0]
dcl_resource_texture2d resource[1]
dcl_input_ps_siv linear noperspective v0.xy, position
dcl_output o0.xyzw
dcl_temps 19   
00000007: 0x00000328 - 0x00000348 LEN:0032 0e 00 00 08 32 00 10 00 00 00 00 00 46 10 10 00 00 00 00 00 46 80 20 00 00 00 00 00 00 00 00 00 div r0.xy, v0.xyxx, cb0[0].xyxx
...
mad r0.xyw, r5.xyxz, l(2.14451, 2.14451, 0, 2.14451), v0.xyxw

By modifying the MAD instruction's (Component-wise multiply & add) last operand from r0.xyxw to v0.xyxw it is possible to trigger an out-of-bounds read exception due to the rax (eax) index register being used in the mov rcx,qword ptr [rsi+rax*8+18h], which was initialized to -1.

Exception:

0:016> .ecxr
rax=00000000ffffffff rbx=0000000000000001 rcx=0000000000000000
rdx=0000000000000001 rsi=000001a4e6d323d8 rdi=00000000ffffffff
rip=00007ff9c07855ba rsp=0000009c53bf4c90 rbp=00000000ffffffff
 r8=000001a4e6c919b0  r9=0000000000000000 r10=0000000000000009
r11=0000009c53bf4b80 r12=0000000000000000 r13=000001a4e6cd74f0
r14=000001a4e6a5b8c8 r15=0000000000000000
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010246
atidxx64!AmdDxGsaFreeCompiledShader+0x46b28a:
00007ff9`c07855ba 488b4cc618      mov     rcx,qword ptr [rsi+rax*8+18h] ds:000001ac`e6d323e8=????????????????

Crash Information

(3d28.3b60): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
atidxx64!AmdDxGsaFreeCompiledShader+0x46b28a:
00007ff9`c07855ba 488b4cc618      mov     rcx,qword ptr [rsi+rax*8+18h] ds:00000172`c622c8d8=????????????????
0:000> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** WARNING: Unable to verify checksum for BasicHLSL11_VENDOR_ONLY.exe

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 349908

    Key  : Timeline.Process.Start.DeltaSec
    Value: 22


PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

Timeline: !analyze.Start
    Name: <blank>
    Time: 2019-10-16T10:49:41.609Z
    Diff: 6390 mSec

Timeline: Dump.Current
    Name: <blank>
    Time: 2019-10-16T10:49:48.0Z
    Diff: 0 mSec

Timeline: Process.Start
    Name: <blank>
    Time: 2019-10-16T10:49:26.0Z
    Diff: 22000 mSec

Timeline: OS.Boot
    Name: <blank>
    Time: 2019-10-12T09:38:00.0Z
    Diff: 349908000 mSec


DUMP_CLASS: 2

DUMP_QUALIFIER: 0

FAULTING_IP: 
atidxx64!AmdDxGsaFreeCompiledShader+46b28a
00007ff9`c07855ba 488b4cc618      mov     rcx,qword ptr [rsi+rax*8+18h]

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ff9c07855ba (atidxx64!AmdDxGsaFreeCompiledShader+0x000000000046b28a)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 00000172c622c8d8
Attempt to read from address 00000172c622c8d8

FAULTING_THREAD:  00003b60

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

PROCESS_NAME:  BasicHLSL11_VENDOR_ONLY.exe

FOLLOWUP_IP: 
atidxx64!AmdDxGsaFreeCompiledShader+46b28a
00007ff9`c07855ba 488b4cc618      mov     rcx,qword ptr [rsi+rax*8+18h]

READ_ADDRESS:  00000172c622c8d8 

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  00000172c622c8d8

WATSON_BKT_PROCSTAMP:  5cb740ee

WATSON_BKT_MODULE:  atidxx64.dll

WATSON_BKT_MODSTAMP:  5d97706a

WATSON_BKT_MODOFFSET:  4d55ba

WATSON_BKT_MODVER:  26.20.13025.10004

MODULE_VER_PRODUCT:  Advanced Micro Devices, Inc. Radeon DirectX 11 Driver

BUILD_VERSION_STRING:  18362.1.amd64fre.19h1_release.190318-1202

MODLIST_WITH_TSCHKSUM_HASH:  ec25c91ba0aaa8733ef61a1afd1f3dce69c12f2d

MODLIST_SHA1_HASH:  8595bb61cbb1e585fd325273c523a810a47d8f9d

NTGLOBALFLAG:  470

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  0

PRODUCT_TYPE:  1

SUITE_MASK:  272

DUMP_TYPE:  fe

ANALYSIS_SESSION_HOST:  CLAB

ANALYSIS_SESSION_TIME:  10-16-2019 12:49:41.0609

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

THREAD_ATTRIBUTES: 
OS_LOCALE:  ENU

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ

PRIMARY_PROBLEM_CLASS:  APPLICATION_FAULT

PROBLEM_CLASSES: 

    ID:     [0n313]
    Type:   [@ACCESS_VIOLATION]
    Class:  Addendum
    Scope:  BUCKET_ID
    Name:   Omit
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0x3b60]
    Frame:  [0] : atidxx64!AmdDxGsaFreeCompiledShader

    ID:     [0n285]
    Type:   [INVALID_POINTER_READ]
    Class:  Primary
    Scope:  DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
            BUCKET_ID
    Name:   Add
    Data:   Omit
    PID:    [Unspecified]
    TID:    [0x3b60]
    Frame:  [0] : atidxx64!AmdDxGsaFreeCompiledShader

LAST_CONTROL_TRANSFER:  from 00007ff9c0784abb to 00007ff9c07855ba

STACK_TEXT:  
00000065`d5788f50 00007ff9`c0784abb : 0000016a`c5db40a8 00000065`d5789200 0000016a`ffffffff 00000065`d5789200 : atidxx64!AmdDxGsaFreeCompiledShader+0x46b28a
00000065`d5789010 00007ff9`c077c64e : 0000016a`c620e101 00000065`d57892c0 00000065`d5789200 00007ff9`00000000 : atidxx64!AmdDxGsaFreeCompiledShader+0x46a78b
00000065`d57891d0 00007ff9`c077bacd : 0000016a`c5db40a8 00000065`d5789330 00000000`00000003 00000000`00000001 : atidxx64!AmdDxGsaFreeCompiledShader+0x46231e
00000065`d5789310 00007ff9`c077b71b : 00000065`d57896e0 00000000`00000000 b4000000`00000000 00000000`3f7ffffe : atidxx64!AmdDxGsaFreeCompiledShader+0x46179d
00000065`d5789420 00007ff9`c077ac84 : 00000000`00000000 00000000`00000000 0000016a`c622a0c0 0000016a`c5db40a8 : atidxx64!AmdDxGsaFreeCompiledShader+0x4613eb
00000065`d57895c0 00007ff9`c077370e : 0000016a`c5db40a8 0000016a`00000000 0000016a`00000000 0000016a`c5db40a8 : atidxx64!AmdDxGsaFreeCompiledShader+0x460954
00000065`d57899d0 00007ff9`c0412f0d : 0000016a`00000000 0000016a`00000000 0000016a`c5dcfdf0 00000065`d5789af9 : atidxx64!AmdDxGsaFreeCompiledShader+0x4593de
00000065`d5789a20 00007ff9`c04276b6 : 0000016a`c5dcfdf0 0000016a`c5db4090 0000016a`000004dc 0000016a`c5dcfdf0 : atidxx64!AmdDxGsaFreeCompiledShader+0xf8bdd
00000065`d5789b60 00007ff9`c0416770 : 0000016a`c5cc1b10 0000016a`c5dc7e58 00000000`00000004 0000016a`c5cc1b10 : atidxx64!AmdDxGsaFreeCompiledShader+0x10d386
00000065`d5789d20 00007ff9`c03f59c4 : 0000016a`c5cc1b10 0000016a`c5fa7010 00000065`d578a560 0000016a`c5cc1b10 : atidxx64!AmdDxGsaFreeCompiledShader+0xfc440
00000065`d5789da0 00007ff9`c0339404 : 00000000`00000001 00000065`d578a560 0000016a`c5fa7010 00000065`d578a560 : atidxx64!AmdDxGsaFreeCompiledShader+0xdb694
00000065`d578a320 00007ff9`c0ac0518 : 0000016a`bfba2a08 00000065`d578a450 00000065`d578a560 0000016a`c5d2eac0 : atidxx64!AmdDxGsaFreeCompiledShader+0x1f0d4
00000065`d578a350 00007ff9`c0aa5c5b : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : atidxx64!AmdDxGsaFreeCompiledShader+0x7a61e8
00000065`d578a4c0 00007ff9`c0aa5792 : 00000000`00000000 0000016a`c5fa6d10 0000016a`c5c32890 00000065`d578e1d0 : atidxx64!AmdDxGsaFreeCompiledShader+0x78b92b
00000065`d578a520 00007ff9`c0ad61a3 : 0000016a`c5fa6d10 00000000`00000000 0000016a`c5c98730 00000065`d578e1d0 : atidxx64!AmdDxGsaFreeCompiledShader+0x78b462
00000065`d578e180 00007ff9`c0aa5667 : 00000000`00000004 0000016a`c5fa62c0 0000016a`c5c85a90 0000016a`c5c406c0 : atidxx64!AmdDxGsaFreeCompiledShader+0x7bbe73
00000065`d578e1b0 00007ff9`c0b75251 : 00000000`00000000 00000065`d578e520 00000000`00000000 00000000`00000000 : atidxx64!AmdDxGsaFreeCompiledShader+0x78b337
00000065`d578e210 00007ff9`c0334d6a : 00000000`00000000 00000000`00000000 00000065`d578e520 00000000`00000000 : atidxx64!AmdDxGsaFreeCompiledShader+0x85af21
00000065`d578e250 00007ff9`c0334bb3 : 0000016a`c5c5acd0 00000000`00000003 00000000`00000003 00000000`00000000 : atidxx64!AmdDxGsaFreeCompiledShader+0x1aa3a
00000065`d578e290 00007ff9`c02bc05e : 00000000`00000001 00000000`00000000 00000000`00001817 00000000`00000003 : atidxx64!AmdDxGsaFreeCompiledShader+0x1a883
00000065`d578e320 00007ff9`c0a28246 : 00000000`00000000 00000065`d578e520 00000000`00000000 ffffffff`ffffffff : atidxx64!XdxQueryTlsLookupTable+0x6d6e
00000065`d578e360 00007ff9`c0a8c7d9 : 00000000`00000000 0000016a`bfb4dac8 00000065`d578e520 00000000`00001400 : atidxx64!AmdDxGsaFreeCompiledShader+0x70df16
00000065`d578e4d0 00007ff9`c02cd8b1 : 0000016a`c59fd108 0000016a`bfbc0ae0 ffffffff`fffffffe 00007ff9`cc295113 : atidxx64!AmdDxGsaFreeCompiledShader+0x7724a9
00000065`d578e500 00007ff9`cc298edc : 00000000`00000000 00000065`d578e730 0000016a`c59fd0f8 00007ff9`d207babb : atidxx64!XdxQueryTlsLookupTable+0x185c1
00000065`d578e630 00007ff9`cc2a295f : 00000065`00000001 0000016a`bfbbcef8 0000016a`c59fd0f8 0000016a`bfbb2fe0 : d3d11!CPixelShader::CLS::FinalConstruct+0x23c
00000065`d578e890 00007ff9`cc2a289a : 00000065`d578ef70 00007ff9`cc452388 0000016a`c59fcf90 00000000`00001817 : d3d11!CLayeredObjectWithCLS<CPixelShader>::FinalConstruct+0xa3
00000065`d578e920 00007ff9`cc28ee58 : 0000016a`c59fcfe8 00000065`d578ef70 00000065`d578efa0 00007ff9`cc452388 : d3d11!CLayeredObjectWithCLS<CPixelShader>::CreateInstance+0x152
00000065`d578e980 00007ff9`cc29b17d : ffffffff`fffffffe 0000016a`c59fcf90 00000000`0000007f 00000000`00000001 : d3d11!CDevice::CreateLayeredChild+0xc88
00000065`d578edc0 00007ff9`cc29b950 : 0000016a`c59fcf90 00000000`00000009 00000000`00000188 00000000`00000030 : d3d11!NDXGI::CDevice::CreateLayeredChild+0x6d
00000065`d578ef30 00007ff9`cc2814f4 : 0000016a`bfb9a840 00000000`00000009 0000016a`bfb4d800 0000016a`bfb9b078 : d3d11!NOutermost::CDevice::CreateLayeredChild+0x1b0
00000065`d578f120 00007ff9`cc281463 : 0000016a`bfb4d800 00630069`0000c000 00000065`d578f480 0056005f`00310031 : d3d11!CDevice::CreateAndRecreateLayeredChild<SD3D11LayeredPixelShaderCreationArgs>+0x64
00000065`d578f180 00007ff9`cc2811e8 : 0000016a`bfb9b078 0000016a`bfb4d800 00000000`00005208 00000000`00000000 : d3d11!CDevice::CreatePixelShader_Worker+0x203
00000065`d578f330 00007ff6`ea9a2f16 : 0000016a`bfbb30c0 00000065`d578f3f8 0000016a`bfb9b088 00000000`00000000 : d3d11!CDevice::CreatePixelShader+0x28
00000065`d578f380 00007ff6`ea9abeb0 : 00000000`00000000 00000000`00000000 0000016a`bfb52a40 0000016a`b4000000 : BasicHLSL11_VENDOR_ONLY+0x2f16
00000065`d578f7a0 00007ff6`ea9a9efc : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : BasicHLSL11_VENDOR_ONLY+0xbeb0
00000065`d578f8a0 00007ff6`ea9a989c : 00000000`00000000 005f0052`004f0044 00000000`00000034 00650078`0065002e : BasicHLSL11_VENDOR_ONLY+0x9efc
00000065`d578fac0 00007ff6`ea9a202b : 0000016a`bfb52a40 00000000`00000034 0000016a`bfb52a40 0000016a`bfb4d814 : BasicHLSL11_VENDOR_ONLY+0x989c
00000065`d578fcb0 00007ff6`ea9ca17e : 00000000`00000000 00000000`00000000 00000000`0000000a 00000000`00000000 : BasicHLSL11_VENDOR_ONLY+0x202b
00000065`d578fdd0 00007ff9`d0ef7bd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : BasicHLSL11_VENDOR_ONLY+0x2a17e
00000065`d578fe10 00007ff9`d20aced1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
00000065`d578fe40 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


STACK_COMMAND:  ~0s ; .cxr ; kb

THREAD_SHA1_HASH_MOD_FUNC:  49198fbf3b363f0b8765e62f3b9a738d019dec91

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  1e14cb6c7ca288328f07ad05373cdc8d2e77d545

THREAD_SHA1_HASH_MOD:  9aec76555bdc1e497180cb268a7d6f1cabfca19b

FAULT_INSTR_CODE:  c64c8b48

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  atidxx64!AmdDxGsaFreeCompiledShader+46b28a

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: atidxx64

IMAGE_NAME:  atidxx64.dll

DEBUG_FLR_IMAGE_TIMESTAMP:  5d97706a

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_atidxx64.dll!AmdDxGsaFreeCompiledShader

BUCKET_ID:  APPLICATION_FAULT_INVALID_POINTER_READ_atidxx64!AmdDxGsaFreeCompiledShader+46b28a

FAILURE_EXCEPTION_CODE:  c0000005

FAILURE_IMAGE_NAME:  atidxx64.dll

BUCKET_ID_IMAGE_STR:  atidxx64.dll

FAILURE_MODULE_NAME:  atidxx64

BUCKET_ID_MODULE_STR:  atidxx64

FAILURE_FUNCTION_NAME:  AmdDxGsaFreeCompiledShader

BUCKET_ID_FUNCTION_STR:  AmdDxGsaFreeCompiledShader

BUCKET_ID_OFFSET:  46b28a

BUCKET_ID_MODTIMEDATESTAMP:  5d97706a

BUCKET_ID_MODCHECKSUM:  1b00f4d

BUCKET_ID_MODVER_STR:  0.0.0.0

BUCKET_ID_PREFIX_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_

FAILURE_PROBLEM_CLASS:  APPLICATION_FAULT

FAILURE_SYMBOL_NAME:  atidxx64.dll!AmdDxGsaFreeCompiledShader

TARGET_TIME:  2019-10-16T10:50:02.000Z

OSBUILD:  18362

OSSERVICEPACK:  329

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt SingleUserTS

USER_LCID:  0

OSBUILD_TIMESTAMP:  unknown_date

BUILDDATESTAMP_STR:  190318-1202

BUILDLAB_STR:  19h1_release

BUILDOSVER_STR:  10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME:  5266

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:invalid_pointer_read_c0000005_atidxx64.dll!amddxgsafreecompiledshader

FAILURE_ID_HASH:  {08b458dc-1323-2abb-9f1a-d0ac543a793c}

Followup:     MachineOwner
---------

VMware crash information:

2019-10-16T12:25:23.810+02:00| vcpu-1| I125: Progress 101% (none)
2019-10-16T12:25:44.067+02:00| svga| W115: ----Win32 exception detected, exceptionCode 0xc0000005 (access violation)----
2019-10-16T12:25:44.067+02:00| svga| W115: ExceptionAddress 0x7ff9c07855ba eflags 0x00010246
2019-10-16T12:25:44.067+02:00| svga| W115: rwFlags 0 badAddr 0x1ace6d323e8
2019-10-16T12:25:44.067+02:00| svga| W115: rax 0xffffffff rbx 0x1 rcx 0
2019-10-16T12:25:44.067+02:00| svga| W115: rdx 0xffffffff rsi 0x1a4e6d323d8 rdi 0xffffffff
2019-10-16T12:25:44.067+02:00| svga| W115: r8 0x1a4e6c919b0 r9 0 r10 0x9
2019-10-16T12:25:44.067+02:00| svga| W115: r11 0x9c53bf4b80 r12 0 r13 0x1a4e6cd74f0
2019-10-16T12:25:44.067+02:00| svga| W115: r14 0x1a4e6a5b8c8 r15 0
2019-10-16T12:25:44.067+02:00| svga| W115: rip 0x7ff9c07855ba rsp 0x9c53bf4c90 rbp 0xffffffff
2019-10-16T12:25:44.067+02:00| svga| W115: LastBranchToRip 0 LastBranchFromRip 0
2019-10-16T12:25:44.068+02:00| svga| W115: LastExceptionToRip 0 LastExceptionFromRip 0
2019-10-16T12:25:44.068+02:00| svga| W115: The following data was delivered with the exception:
2019-10-16T12:25:44.068+02:00| svga| W115:  -- 0
2019-10-16T12:25:44.068+02:00| svga| W115:  -- 0x1ace6d323e8
2019-10-16T12:25:44.068+02:00| svga| I125: CoreDump: Minidump file K:\vmware_images\windows_10_x64_uefi\vmware-vmx.dmp exists. Rotating ...
2019-10-16T12:25:44.070+02:00| svga| W115: CoreDump: Writing minidump to K:\vmware_images\windows_10_x64_uefi\vmware-vmx.dmp
2019-10-16T12:25:44.182+02:00| svga| I125: CoreDump: including module base 0x0x7ff6e4ec0000 size 0x0x01490000
2019-10-16T12:25:44.182+02:00| svga| I125:   checksum 0x01005d98 timestamp 0x5d803d03
2019-10-16T12:25:44.182+02:00| svga| I125:   image file K:\tools\vmware\x64\vmware-vmx.exe
2019-10-16T12:25:44.182+02:00| svga| I125:   file version 15.5.0.49504
2019-10-16T12:25:44.182+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d2040000 size 0x0x001f0000
2019-10-16T12:25:44.182+02:00| svga| I125:   checksum 0x001ed133 timestamp 0x99ca0526
2019-10-16T12:25:44.182+02:00| svga| I125:   image file C:\Windows\System32\ntdll.dll
2019-10-16T12:25:44.182+02:00| svga| I125:   file version 10.0.18362.418
2019-10-16T12:25:44.182+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d0ee0000 size 0x0x000b2000
2019-10-16T12:25:44.182+02:00| svga| I125:   checksum 0x000bbbc4 timestamp 0xd0cecc10
2019-10-16T12:25:44.182+02:00| svga| I125:   image file C:\Windows\System32\kernel32.dll
2019-10-16T12:25:44.182+02:00| svga| I125:   file version 10.0.18362.329
2019-10-16T12:25:44.182+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ceff0000 size 0x0x002a3000
2019-10-16T12:25:44.182+02:00| svga| I125:   checksum 0x002b1c84 timestamp 0xfba22159
2019-10-16T12:25:44.182+02:00| svga| I125:   image file C:\Windows\System32\KERNELBASE.dll
2019-10-16T12:25:44.182+02:00| svga| I125:   file version 10.0.18362.418
2019-10-16T12:25:44.182+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cfbe0000 size 0x0x000fa000
2019-10-16T12:25:44.182+02:00| svga| I125:   checksum 0x00103d88 timestamp 0x4361b720
2019-10-16T12:25:44.182+02:00| svga| I125:   image file C:\Windows\System32\ucrtbase.dll
2019-10-16T12:25:44.182+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d11b0000 size 0x0x00194000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x00195b72 timestamp 0x7daa1cfe
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\user32.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.418
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cfbb0000 size 0x0x00021000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0002b239 timestamp 0x5343f4fb
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\win32u.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d1690000 size 0x0x00026000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0002f763 timestamp 0x90b22122
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\gdi32.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ba9e0000 size 0x0x00016000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0001e3e1 timestamp 0x5c82fae2
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\VCRUNTIME140.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 14.20.27508.1
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cff50000 size 0x0x00194000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0019ed71 timestamp 0x1ff6ed38
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\gdi32full.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.356
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cfd10000 size 0x0x0009e000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x000a1dae timestamp 0x2085286c
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\msvcp_win.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d16e0000 size 0x0x00156000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x00164a1e timestamp 0x137cb3c6
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\ole32.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.113
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d08f0000 size 0x0x00336000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0033e15d timestamp 0x7b512025
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\combase.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.356
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d0d10000 size 0x0x00120000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x00124bf2 timestamp 0x0530c620
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\rpcrt4.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cfb30000 size 0x0x00080000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x00086602 timestamp 0x5c8eaa57
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\bcryptPrimitives.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.295
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d0150000 size 0x0x000a3000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x000a0ad7 timestamp 0x0ba7a4cd
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\advapi32.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.329
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d14a0000 size 0x0x0009e000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x000a591e timestamp 0xf5bdefd7
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\msvcrt.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 7.0.18362.1
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d1540000 size 0x0x00097000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x000a2387 timestamp 0x1c757ba0
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\sechost.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.267
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d0200000 size 0x0x006e5000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x006ee638 timestamp 0xdeca38c3
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\shell32.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cff00000 size 0x0x0004a000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x000542d0 timestamp 0xafaaabaa
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\cfgmgr32.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d0e30000 size 0x0x000a9000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x000b5f37 timestamp 0x48cfe63c
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\SHCore.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cf3b0000 size 0x0x0077f000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x00799857 timestamp 0x8ebbe9ca
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\windows.storage.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cef40000 size 0x0x0001f000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0002584e timestamp 0xfacae6c0
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\profapi.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cef60000 size 0x0x0004a000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0004e923 timestamp 0xfdc4588a
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\powrprof.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cef10000 size 0x0x00010000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0000d99d timestamp 0xa2ccd413
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\umpdc.dll
2019-10-16T12:25:44.183+02:00| svga| I125:   file version 0.0.0.0
2019-10-16T12:25:44.183+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d10d0000 size 0x0x00052000
2019-10-16T12:25:44.183+02:00| svga| I125:   checksum 0x0005e008 timestamp 0xf8807ba1
2019-10-16T12:25:44.183+02:00| svga| I125:   image file C:\Windows\System32\shlwapi.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cefb0000 size 0x0x00011000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x000165ad timestamp 0x05bef372
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\kernel.appcore.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cefd0000 size 0x0x00017000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x000209a8 timestamp 0xa51023f1
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\cryptsp.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d19e0000 size 0x0x00470000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x00479990 timestamp 0xa7d94c0a
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\setupapi.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cfce0000 size 0x0x00026000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x0002f62e timestamp 0xb59ada57
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\bcrypt.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.267
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d1610000 size 0x0x0006f000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x00070793 timestamp 0x50866107
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\ws2_32.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d0c30000 size 0x0x000c4000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x000c7a6d timestamp 0x8fcb7820
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\oleaut32.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.329
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cfdb0000 size 0x0x00149000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x0014798b timestamp 0x080d7530
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\crypt32.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cef20000 size 0x0x00012000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x000134f9 timestamp 0xe4c2641f
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\msasn1.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff991ad0000 size 0x0x00099000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x00095d08 timestamp 0x0f4dfe70
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\dsound.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ca420000 size 0x0x00024000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x00022435 timestamp 0xd238be3c
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\winmm.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c8370000 size 0x0x000f0000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x000f24a7 timestamp 0x0b289476
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\winhttp.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c6da0000 size 0x0x00041000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x00042566 timestamp 0x42b29311
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\WinSCard.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x5ead0000 size 0x0x0001a000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x0001ee05 timestamp 0x5d32a0b2
2019-10-16T12:25:44.184+02:00| svga| I125:   image file K:\tools\vmware\x64\zlib1.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 1.2.11.0
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ca600000 size 0x0x00013000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x0001f367 timestamp 0x416eeff6
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\wtsapi32.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ca360000 size 0x0x0002d000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x0003505e timestamp 0xd6bb9be2
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\winmmbase.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ced10000 size 0x0x0002a000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x00034410 timestamp 0x73cca382
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\devobj.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d15e0000 size 0x0x0002e000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x0002d385 timestamp 0x4be57136
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\imm32.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cdf50000 size 0x0x00031000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x000338fa timestamp 0xd95e6299
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\ntmarta.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cd180000 size 0x0x00099000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x000962a9 timestamp 0xfdddb636
2019-10-16T12:25:44.184+02:00| svga| I125:   image file C:\Windows\System32\uxtheme.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x5bb80000 size 0x0x00248000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x00248720 timestamp 0x5d32893f
2019-10-16T12:25:44.184+02:00| svga| I125:   image file K:\tools\vmware\x64\libeay32.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 1.0.2.19
2019-10-16T12:25:44.184+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ade00000 size 0x0x0005d000
2019-10-16T12:25:44.184+02:00| svga| I125:   checksum 0x0005f1c0 timestamp 0x5d32894e
2019-10-16T12:25:44.184+02:00| svga| I125:   image file K:\tools\vmware\x64\ssleay32.dll
2019-10-16T12:25:44.184+02:00| svga| I125:   file version 1.0.2.19
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ce2f0000 size 0x0x00033000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x0003d7b5 timestamp 0xfa3c3542
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\rsaenh.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ce950000 size 0x0x0000c000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x0000fc85 timestamp 0xfef011a6
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\CRYPTBASE.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cee00000 size 0x0x0002f000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x0003972a timestamp 0x250d8234
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\sspicli.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ce780000 size 0x0x00067000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00066c3e timestamp 0x18af169c
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\mswsock.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ce4d0000 size 0x0x000ca000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x000cd47e timestamp 0x997f6419
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\dnsapi.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.267
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d1490000 size 0x0x00008000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00007f98 timestamp 0x64ef9ebf
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\nsi.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ce490000 size 0x0x0003a000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x0003db3f timestamp 0x50afe730
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\IPHLPAPI.DLL
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9bfba0000 size 0x0x0000a000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x0000f693 timestamp 0x6a2bea39
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\rasadhlp.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d18c0000 size 0x0x000a2000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x000a702b timestamp 0x9506208f
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\clbcatq.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 2001.12.10941.16384
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9bdec0000 size 0x0x00011000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00017bcc timestamp 0x6e82a406
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\wbem\wbemprox.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9bde30000 size 0x0x00084000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00085b03 timestamp 0x6af5c06d
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\wbemcomn.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9bdac0000 size 0x0x00014000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00016a19 timestamp 0xf9651a38
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\wbem\wbemsvc.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9bd550000 size 0x0x00101000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00102890 timestamp 0x65ead981
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\wbem\fastprox.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9bda70000 size 0x0x00015000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x0001da1b timestamp 0xb26a0aaf
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\amsi.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cee30000 size 0x0x00025000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00028d50 timestamp 0xdbb466d6
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\userenv.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9bda20000 size 0x0x00044000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x0004ae46 timestamp 0xafa3cfd3
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MpOAV.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 4.18.1909.6
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9ca1c0000 size 0x0x0000a000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00013092 timestamp 0x927b71e6
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\version.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d1680000 size 0x0x00008000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x0000d177 timestamp 0x3ebc2f6d
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\psapi.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c62a0000 size 0x0x001f4000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x001dca4b timestamp 0xe04b92e8
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\dbghelp.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9d1350000 size 0x0x00136000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00137919 timestamp 0x1dc2f89b
2019-10-16T12:25:44.185+02:00| svga| I125:   image file C:\Windows\System32\msctf.dll
2019-10-16T12:25:44.185+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.185+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cf350000 size 0x0x0005c000
2019-10-16T12:25:44.185+02:00| svga| I125:   checksum 0x00063f04 timestamp 0x1a03c9d6
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\wintrust.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cdfc0000 size 0x0x0005c000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x0005ea7c timestamp 0x029f3766
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\winsta.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.53
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cc270000 size 0x0x0025b000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x00262b94 timestamp 0x7e72d1cb
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\d3d11.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cdbf0000 size 0x0x000eb000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x000ed5a5 timestamp 0xb54a43bb
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\dxgi.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.387
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cdb60000 size 0x0x00020000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x0002a5ba timestamp 0xbc0e8e8e
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\DXCore.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cd090000 size 0x0x0008f000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x000912fd timestamp 0xff74693c
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\apphelp.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c2930000 size 0x0x001e0000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x001eca35 timestamp 0x5d976bfd
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\aticfx64.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 26.20.13025.10004
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c28f0000 size 0x0x00036000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x0003777f timestamp 0x5d976c4a
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atiuxp64.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 26.20.13025.10004
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c02b0000 size 0x0x02639000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x01b00f4d timestamp 0x5d97706a
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 26.20.13025.10004
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c0280000 size 0x0x0002b000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0000000000 timestamp 0x5cf7100d
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\amdihk64.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 1.0.0.0
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9be720000 size 0x0x0002b000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x0002a232 timestamp 0xfcc30f70
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\D3DSCache.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cd340000 size 0x0x0025a000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x0026b282 timestamp 0x42f071ca
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\twinapi.appcore.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cd850000 size 0x0x00029000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x00035828 timestamp 0x5be0eb17
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\rmclient.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.267
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9acc50000 size 0x0x00066000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x0007092f timestamp 0x6c139455
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\SensorsApi.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9af450000 size 0x0x00028000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x00026273 timestamp 0x9b1f4cab
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\SensorsNativeApi.V2.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9b3550000 size 0x0x00025000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x000262e4 timestamp 0x348cb243
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\SensorsUtilsV2.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9cae20000 size 0x0x000ef000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x000fa20a timestamp 0xbc1b9802
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\propsys.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 7.0.18362.267
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff99feb0000 size 0x0x00030000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x00035f43 timestamp 0x65441c6d
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\PortableDeviceTypes.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9addc0000 size 0x0x0003b000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x0003d78f timestamp 0xebb2781b
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\deviceaccess.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c78f0000 size 0x0x000ae000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x000b1c17 timestamp 0xdb1735e2
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\mscms.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.267
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c8350000 size 0x0x00017000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x00016d5e timestamp 0x9fd55c48
2019-10-16T12:25:44.186+02:00| svga| I125:   image file C:\Windows\System32\ColorAdapterClient.dll
2019-10-16T12:25:44.186+02:00| svga| I125:   file version 10.0.18362.267
2019-10-16T12:25:44.186+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c6990000 size 0x0x00043000
2019-10-16T12:25:44.186+02:00| svga| I125:   checksum 0x00046d10 timestamp 0x0830af3e
2019-10-16T12:25:44.187+02:00| svga| I125:   image file C:\Windows\System32\icm32.dll
2019-10-16T12:25:44.187+02:00| svga| I125:   file version 10.0.18362.267
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: including module base 0x0x7ff9c6270000 size 0x0x0002a000
2019-10-16T12:25:44.187+02:00| svga| I125:   checksum 0x00032d6f timestamp 0x17edc79f
2019-10-16T12:25:44.187+02:00| svga| I125:   image file C:\Windows\System32\dbgcore.dll
2019-10-16T12:25:44.187+02:00| svga| I125:   file version 10.0.18362.1
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 13800
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 15280
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 15716
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 12696
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 16368
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 8204
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 10196
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 15308
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 11152
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 9488
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 7044
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 11400
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 9248
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 7028
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 15256
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 16372
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 1456
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 12300
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 11408
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 6524
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 16260
2019-10-16T12:25:44.187+02:00| svga| I125: CoreDump: Including thread 15952
2019-10-16T12:25:44.271+02:00| svga| I125: Backtrace:
2019-10-16T12:25:44.272+02:00| svga| I125: backtrace[00] frame 0x9c53bf4f00 IP 0x7ff9c0784abb params 0x1a4e6d13d01 0x9c53bf5000 0x9c53bf4f40 0x7ff900000000 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000004d3abb] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.272+02:00| svga| I125: backtrace[01] frame 0x9c53bf5040 IP 0x7ff9c077c64e params 0x1a4e6a5b8c8 0x9c53bf5070 0x3 0x1 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000004cb64e] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.272+02:00| svga| I125: backtrace[02] frame 0x9c53bf5150 IP 0x7ff9c077bacd params 0x9c53bf5420 0 0 0 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000004caacd] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.272+02:00| svga| I125: backtrace[03] frame 0x9c53bf52f0 IP 0x7ff9c077b71b params 0 0 0x1a4e6d2fbf0 0x1a4e6a5b8c8 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000004ca71b] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[04] frame 0x9c53bf5700 IP 0x7ff9c077ac84 params 0x1a4e6a5b8c8 0x1a400000000 0x1a400000000 0x1a4e6a5b8c8 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000004c9c84] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[05] frame 0x9c53bf5750 IP 0x7ff9c077370e params 0x1a400000000 0x1a400000000 0x1a4d8459360 0x9c53bf5839 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000004c270e] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[06] frame 0x9c53bf5890 IP 0x7ff9c0412f0d params 0x1a4d8459360 0x1a4e6a5b8b0 0x1a4000004dc 0x1a4d8459360 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x0000000000161f0d] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[07] frame 0x9c53bf5a50 IP 0x7ff9c04276b6 params 0x1a4d851d280 0x1a4d853e758 0x4 0x1a4d851d280 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000001766b6] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[08] frame 0x9c53bf5ad0 IP 0x7ff9c0416770 params 0x1a4d851d280 0x1a4d849aac0 0x9c53bf62a0 0x1a4d851d280 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x0000000000165770] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[09] frame 0x9c53bf6050 IP 0x7ff9c03f59c4 params 0x1 0x9c53bf62a0 0x1a4d849aac0 0x9c53bf62a0 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000001449c4] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[10] frame 0x9c53bf6080 IP 0x7ff9c0339404 params 0 0x9c53bf6190 0x9c53bf62a0 0x1a4d31f6660 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x0000000000088404] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[11] frame 0x9c53bf61f0 IP 0x7ff9c0ac0518 params 0 0 0 0 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x000000000080f518] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[12] frame 0x9c53bf6250 IP 0x7ff9c0aa5c5b params 0 0x1a4d849a7c0 0x1a4d3214890 0x9c53bf9f10 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000007f4c5b] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[13] frame 0x9c53bf9eb0 IP 0x7ff9c0aa5792 params 0x1a4d849a7c0 0 0x1a4d3259c40 0x9c53bf9f10 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000007f4792] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[14] frame 0x9c53bf9ee0 IP 0x7ff9c0ad61a3 params 0x41 0x1a4d8516400 0x1a4d3247190 0x1a4d3222560 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000008251a3] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.273+02:00| svga| I125: backtrace[15] frame 0x9c53bf9f40 IP 0x7ff9c0aa5667 params 0 0x9c53bfa230 0 0x7ff9d207fc11 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000007f4667] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.274+02:00| svga| I125: backtrace[16] frame 0x9c53bf9f80 IP 0x7ff9c0b75251 params 0 0 0x9c53bfa230 0x7ff9d208346d [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x00000000008c4251] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.274+02:00| svga| I125: backtrace[17] frame 0x9c53bf9fc0 IP 0x7ff9c0334d6a params 0x1a4d323c670 0x3 0x3 0 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x0000000000083d6a] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.274+02:00| svga| I125: backtrace[18] frame 0x9c53bfa050 IP 0x7ff9c0334bb3 params 0x1 0 0x1a34aa80434 0x7ff900000003 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x0000000000083bb3] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.274+02:00| svga| I125: backtrace[19] frame 0x9c53bfa090 IP 0x7ff9c02bc05e params 0 0x9c53bfa230 0 0xffffffffffffffff [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x000000000000b05e] XdxQueryTlsLookupTable
2019-10-16T12:25:44.274+02:00| svga| I125: backtrace[20] frame 0x9c53bfa200 IP 0x7ff9c0a28246 params 0x1a4db959448 0x1a4dc386adc 0x1a34db87180 0x1 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x0000000000777246] AmdDxGsaFreeCompiledShader
2019-10-16T12:25:44.274+02:00| svga| I125: backtrace[21] frame 0x9c53bfa330 IP 0x7ff9c02cd8b1 params 0 0x9c53bfa440 0x1a4db959438 0x7ff9d207ba17 [C:\WINDOWS\System32\DriverStore\FileRepository\u0347338.inf_amd64_17d1b402964eb558\B347375\atidxx64.dll base 0x00007ff9c02b0000 0x0001:0x000000000001c8b1] XdxQueryTlsLookupTable
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[22] frame 0x9c53bfa338 IP 0x7ff9cc298edc params 0x9c53bfa440 0x1a4db959438 0x7ff9d207ba17 0x9c53bfa4b0 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x0000000000027edc] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x28edc
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[23] frame 0x9c53bfa620 IP 0x7ff9cc2a295f params 0x9c53bfac80 0x7ff9cc452388 0x1a4db9592d0 0 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x000000000003195f] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x3295f
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[24] frame 0x9c53bfa680 IP 0x7ff9cc2a289a params 0x1a4db959328 0x9c53bfac80 0x9c53bfacb0 0x7ff9cc452388 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x000000000003189a] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x3289a
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[25] frame 0x9c53bfaac0 IP 0x7ff9cc28ee58 params 0 0x1a4db9592d0 0 0x1a34aa80000 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x000000000001de58] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x1ee58
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[26] frame 0x9c53bfac30 IP 0x7ff9cc29b17d params 0x1a4db9592d0 0x9 0x188 0x30 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x000000000002a17d] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x2b17d
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[27] frame 0x9c53bfae20 IP 0x7ff9cc29b950 params 0x1a34db77c50 0x7ff900000009 0x1a4dc386a40 0x1a34db78488 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x000000000002a950] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x2b950
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[28] frame 0x9c53bfae80 IP 0x7ff9cc2814f4 params 0x1a4dc386a40 0xb000 0x9c53bfb190 0x21c60 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x00000000000104f4] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x114f4
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[29] frame 0x9c53bfb030 IP 0x7ff9cc281463 params 0x1a34db78488 0x1a4dc386a40 0x53e0 0 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x0000000000010463] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x11463
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[30] frame 0x9c53bfb080 IP 0x7ff9cc2811e8 params 0 0x9c53bfb190 0x1a4dbb6ab80 0 [C:\WINDOWS\SYSTEM32\D3D11.DLL base 0x00007ff9cc270000 0x0001:0x00000000000101e8] <C:\WINDOWS\SYSTEM32\D3D11.DLL>+0x111e8
2019-10-16T12:25:44.275+02:00| svga| I125: backtrace[31] frame 0x9c53bfb088 IP 0x7ff6e517ef43 params 0x9c53bfb190 0x1a4dbb6ab80 0 0x1a4dc4c6cc0 [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x00000000002bdf43] <K:\tools\vmware\x64\vmware-vmx.exe>+0x2bef43
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[32] frame 0x9c53bff1b0 IP 0x7ff6e5180af6 params 0x7ff6e4ec0000 0x1a4d38ae5a0 0x1a4d38ae5a0 0x5000 [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x00000000002bfaf6] <K:\tools\vmware\x64\vmware-vmx.exe>+0x2c0af6
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[33] frame 0x9c53bff6f0 IP 0x7ff6e517fbc9 params 0x1a4dc3a38f0 0x7ff6e4ec0000 0x502b 0x502b [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x00000000002bebc9] <K:\tools\vmware\x64\vmware-vmx.exe>+0x2bfbc9
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[34] frame 0x9c53bff730 IP 0x7ff6e517cb61 params 0x1a4dc3a3850 0xa 0x1a4dc3a93b8 0xa [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x00000000002bbb61] <K:\tools\vmware\x64\vmware-vmx.exe>+0x2bcb61
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[35] frame 0x9c53bff780 IP 0x7ff6e51aec0e params 0x100 0x9c53bff900 0x880 0x1a4dc3a3840 [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x00000000002edc0e] <K:\tools\vmware\x64\vmware-vmx.exe>+0x2eec0e
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[36] frame 0x9c53bff7f0 IP 0x7ff6e50b2d3b params 0x8801 0x100 0 0xa68 [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x00000000001f1d3b] <K:\tools\vmware\x64\vmware-vmx.exe>+0x1f2d3b
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[37] frame 0x9c53bff9b0 IP 0x7ff6e5031742 params 0 0x1 0x9c53bffa2c 0x140 [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x0000000000170742] <K:\tools\vmware\x64\vmware-vmx.exe>+0x171742
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[38] frame 0x9c53bff9e0 IP 0x7ff6e502f358 params 0 0xa 0xa 0x1a300000000 [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x000000000016e358] <K:\tools\vmware\x64\vmware-vmx.exe>+0x16f358
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[39] frame 0x9c53bffa50 IP 0x7ff6e4f7b45a params 0x1a4d3695080 0x7ff6e4f7b170 0xffffffffffffffff 0 [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x00000000000ba45a] <K:\tools\vmware\x64\vmware-vmx.exe>+0xbb45a
2019-10-16T12:25:44.276+02:00| svga| I125: backtrace[40] frame 0x9c53bffb10 IP 0x7ff6e54c4e09 params 0 0 0 0 [K:\tools\vmware\x64\vmware-vmx.exe base 0x00007ff6e4ec0000 0x0001:0x0000000000603e09] <K:\tools\vmware\x64\vmware-vmx.exe>+0x604e09
2019-10-16T12:25:44.278+02:00| svga| I125: backtrace[41] frame 0x9c53bffb18 IP 0x7ff9d0ef7bd4 params 0 0 0 0 [C:\WINDOWS\System32\KERNEL32.DLL base 0x00007ff9d0ee0000 0x0001:0x0000000000016bd4] BaseThreadInitThunk
2019-10-16T12:25:44.281+02:00| svga| I125: backtrace[42] frame 0x9c53bffb48 IP 0x7ff9d20aced1 params 0 0 0 0 [C:\WINDOWS\SYSTEM32\ntdll.dll base 0x00007ff9d2040000 0x0001:0x000000000006bed1] RtlUserThreadStart
2019-10-16T12:25:44.281+02:00| svga| I125: Msg_Post: Error
2019-10-16T12:25:44.281+02:00| svga| I125: [msg.log.error.unrecoverable] VMware Workstation unrecoverable error: (svga)
2019-10-16T12:25:44.281+02:00| svga| I125+ Exception 0xc0000005 (access violation) has occurred.
2019-10-16T12:25:44.281+02:00| svga| I125: [msg.panic.haveLog] A log file is available in "K:\vmware_images\windows_10_x64_uefi\vmware.log".  
2019-10-16T12:25:44.281+02:00| svga| I125: [msg.panic.requestSupport.withoutLog] You can request support.  
2019-10-16T12:25:44.281+02:00| svga| I125: [msg.panic.requestSupport.vmSupport.windowsOrLinux] 
2019-10-16T12:25:44.281+02:00| svga| I125+ To collect data to submit to VMware support, choose "Collect Support Data" from the Help menu.
2019-10-16T12:25:44.281+02:00| svga| I125+ You can also run the "vm-support" script in the Workstation folder directly.
2019-10-16T12:25:44.281+02:00| svga| I125: [msg.panic.response] We will respond on the basis of your support entitlement.
2019-10-16T12:25:44.281+02:00| svga| I125: ----------------------------------------
2019-10-16T12:25:44.965+02:00| mks| W115: Panic in progress... ungrabbing
2019-10-16T12:25:44.965+02:00| mks| I125: MKS: Release starting (Panic)
2019-10-16T12:25:44.965+02:00| mks| I125: MKS: Release finished (Panic)

Timeline

2019-10-23 - Vendor Disclosure 2019-01-13 - Vendor confirmed fix and no issues found on versions 15.5.1 with 20.1.1 AMD drivers
2020-01-21 - Public Release

Credit

Discovered by Piotr Bania of Cisco Talos.